Weekly report on viruses and intruders

Send to friend

This week's virus report looks at four worms -Tasin.A, Tasin.B, Tasin.C and Yanz.B-, and a Trojan called Skulls.A.

The A, B and C variants of Tasin send themselves out via email using their own SMTP engine and through their own local SMTP server in variable messages with text in Spanish. The three variants contain code that tries to delete files with the following extensions: ASM, ASP, BDSPROJ, BMP, CPP, CS, CSPROJ, CSS, DOC, DPR, FRM, GIF, HTM, HTML, JPEG, JPG, MDB, MP3, NFM, NRG, PAS, PCX, PDF, PHP, PPT, RC, RC2, REG, RESX, RPT, SLN, TXT, VB, VBP, VBPROJ, WAV and XLS.

Tasin.B and Tasin.C try to download a DLL from the Internet. They also create the file "SS.EXE" in the Windows directory. This is a joke that Panda Software detects as Joke/Beeper.

Apart from these common features there are also a series of differences between Tasin.A, Tasin.B and Tasin.C. Including the following:

- Tasin.A establishes an HTTP connection with a certain website. After it's run, several messages appear on screen giving the impression that it's a game when really they aim to distract users while Tasin.A sends itself out rapidly via email.

- Tasin.B: displays an error message.

- Once it has infected a PC, Tasin.C opens Internet Explorer and displays an erotic image of a Spanish celebrity.

The fourth worm that we'll look at today is Yanz.B, which spreads in an email message written in English with variable characteristics, and also through P2P file-sharing programs. The email messages and contaminated files include references to the singer Sun Yan Zi.

Yanz.B creates three JPG files, one of which contains the exploit MS04-028.gen, which tries to exploit the 'Buffer Overrun in JPEG processing' vulnerability. If this file is opened using a vulnerable application, a file -which could be anything including malware- is downloaded from the Internet and executed.

We end today's report with Skulls.A, a Trojan that has been distributed through mobile cellphone forums. It affects mobile phones using the Symbian operating system. Although the initial targets were Nokia 7610 phones, other devices based on the Symbian operating system can also be affected by Skulls.A.

To install itself on a cellphone, Skulls.A requires user intervention. To attract the user's attention this Trojan simulates an installer for themes, icons, etc. However, when it is installed, it changes all application icons for skulls.

For further information about these and other computer threats, visit Panda Software's Virus Encyclopedia.

About PandaLabs
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.

For more information: http://www.pandasoftware.com/virus_info/

Comments (0)

Add a Comment

This thread has been closed from taking new comments.