Todays report looks at the A, B and C variants of the Lebreat worm, two hacking tools -RemoteLogger and AFXFireWall.A- and a type of adware called E-Eliminator.
Lebreat.A, Lebreat.B and Lebreat.C are three email worms with variable characteristics that can also spread via Internet, exploiting the LSASS vulnerability.
The A, B and C variants of Lebreat take a range of action on infected computers including:
- Downloading other malware.
- Launching denial of service attacks against a web page.
- Disabling several Windows tools, such as the task manager and the firewall in Windows XP.
- Creating a mutex to ensure that only one copy of the malicious code is active at any time.
The first hacking tool were looking at today is RemoteLogger, which can be remotely installed by sending a small installer to the target computer and getting the user to run it. Once installed, it logs keystrokes and can be used to collect personal data such as passwords- with the threat that this represents for user privacy. This hacking tool can also monitor different users of the same PC.
Information compiled by RemoteLogger can be sent out via email or uploaded to a certain FTP server.
AFXFireWall.A, filters SYN (SYNchronize) packets. When an SYN packet is sent to an unauthorized TCP port, AFXFireWall.A responds with an RST packet, automatically closing the connection. The files of this hacking tool can normally be found in a firewall called FIREWALL.ZIP.
We end todays report with E-Eliminator, an adware installed on computers when users visit certain pages with adult or illegal content. Once it has infected a computer, it displays a page in the browser announcing that all information about what the user has been doing online has been logged. To resolve the situation, the page recommends that users access certain software.
In order to further create a sense of insecurity, and therefore encourage the user to buy the recommended software, E-Eliminator changes the Internet Explorer home page. This adware also changes the search page.
- Mutex (Mutual Exclusion Object): a technique used to control access to resources (examples: programs or even other viruses) and prevent more than one process from simultaneously accessing the same resource.
- SYN packets (SYNchronize): packets used in TCP/IP protocol to syhncronize the connection.
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/