Panda Security’s weekly report on viruses and intruders

9/14/2007.

The LunchLoad.A and FakeGoogleBar.M Trojans are the two new strains of malware in this week’s PandaLabs report. It also includes information about four new security patches published by Microsoft.

LunchLoad.A reaches systems under the name backup2_36. When run, it drops several files onto the computer; these contain the information the creator needs to identify the malware when connecting to the computer. The Trojan connects to a server from which it receives orders specifying which malware to download, when to run it, etc. It also records the MAC address of each infected computer.

FakeGoogleBar.M is designed to alter the Google toolbar. When this toolbar is not installed on a PC, the file creates several other files that allow it to operate all the same. Its malicious action begins by editing several Windows Registry entries so that a DLL is injected into the browser; whenever the browser is used, the Trojan is run.

The Trojan also opens a port on the computer and establishes an HTTP connection through which it sends confidential information to the creator. To obtain this data, FakeGoogleBar.M logs words entered by the user in several search engines, such as Google or Yahoo. It also copies all URLs containing keywords like bank or .gov. This stolen information is then sent to the creator of the malware through a purpose-built website.

Finally this week, Microsoft has published four security patches to fix several vulnerabilities in its products. One of these affects Microsoft Agent and has been classed as critical. This problem could allow a remote attacker to run arbitrary code on affected systems.

The remaining vulnerabilities have been classified as important. One of these affects Visual Studio, another affects Windows Services for UNIX, and the last one affects MSN Messenger and Windows Live Messenger.

For more information and access to the security patches go to: http://www.microsoft.com/spain/athome/security/update/bulletins/200709.mspx

For more information about these and other computer threats, visit Panda Security's Encyclopedia.

If you think your computer might have been infected by other malicious code, you can scan it free at www.infectedornot.com

 


 


 

About PandaLabs

Since 1990, its mission has been to analyze new threats as rapidly as possible to keep our clients safe. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPrevent® Technologies, which act as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to Av.Test.org, PandaLabs is currently the fastest laboratory in the industry in providing complete updates to users. More information is available in the PandaLabs blog.

For more information: http://www.pandasecurity.com/homeusers/security-info/

For more information:

International Communication
E-mail: communication@pandasecurity.com
Phone Number:  + 34 91 806 37 00
Fax: + 34 91 806 37 00

   