Guest guest Posted November 24, 2005

I am not selling Panda. It is their alert.

--

- Mitglieder Trojan overtakes Sober -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, November 24 2005 - PandaLabs has reported the appearance of a new variant of the Mitglieder family of Trojans, Mitglieder.GB, which is spreading rapidly, especially across Europe. The most affected countries are Poland, Belgium and France. It is currently the most frequently detected threat by the online antivirus solution Panda ActiveScan, overtaking Sober.AH.

This Trojan was intercepted by Panda Software's TruPrevent™ Technologies without prior identification, so users of these technologies have been protected against this threat from the outset.

This family of Trojans caused a large number of infections on users' computers at the beginning of November, causing the alert level to reach orange.

Like all Trojans, Mitglieder.GB cannot spread by itself and therefore, must be distributed manually. The samples received come from email messages with a variable subject and message body. However, all these messages contain an attachment in zip format that contains a copy of the Trojan.

It is easy to identify if this Trojan has affected a computer as its symptoms are clearly visible. When it is run, it opens the predefined image viewer in Windows and shows an image of an operating system logo with a white background that is slightly blurred.

Once it has been installed, Mitglieder.GB inserts keys in the Registry to ensure it is run whenever the computer is started up and randomly tries to connect to a series of 50 URLs, which are detailed in its code, in order to access the file z.php, which can be used to download other malware to the system, or be malware by itself.
"We are experiencing a period of frenetic activity for certain malware families, such as Bagle, Mitglieder or Sober, with a large number of variants distributed over a short space of time," explains Luis Corrons, director of PandaLabs. "The main aim of these types of strategies is to release a large number of variants so that the number of infected email messages in circulation is extremely high, posing a risk in itself, due to the confusion it causes users".

To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

More information about this and other threats is available in Panda Software's Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The addresses above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.

---------------------------
To from Oxygen3 24h-365d, please visit: http://www.pandasoftware.com/.asp
To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/
---------------------------

"When the power of love becomes stronger than the love of power, we will have peace."
Jimi Hendrix
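As an added example (not part of the original post or of Panda's alert), the behaviour the alert describes, one machine requesting the file z.php from many different sites, can be hunted for in web proxy logs. The log format, the sample lines, and the thresholds `min_hosts` and `window` are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log: "<epoch> <client_ip> <method> <url>"
SAMPLE_LOG = """\
1132837200 10.0.0.5 GET http://site-a.example/z.php
1132837230 10.0.0.5 GET http://site-b.example/images/z.php
1132837260 10.0.0.5 GET http://site-c.example/z.php
1132837290 10.0.0.9 GET http://intranet.example/z.php
1132837300 10.0.0.9 GET http://intranet.example/z.php
1132837310 10.0.0.7 GET http://news.example/index.html
malformed line
1132880000 10.0.0.8 GET http://site-a.example/z.php
1132890000 10.0.0.8 GET http://site-d.example/z.php
1132899999 10.0.0.8 GET http://site-e.example/Z.PHP?x=1
"""

def parse_hits(log_text, filename="z.php"):
    """Yield (timestamp, client, host) for requests whose path ends in filename."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines instead of aborting the scan
        ts, client, _method, url = parts
        u = urlsplit(url)
        # Compare only the last path segment, case-insensitively, ignoring the query.
        if u.hostname and u.path.lower().rsplit("/", 1)[-1] == filename:
            yield int(ts), client, u.hostname

def flag_clients(log_text, min_hosts=3, window=600):
    """Return {client: hosts} for clients that requested z.php from at least
    min_hosts distinct hosts inside any window of `window` seconds."""
    per_client = defaultdict(list)
    for ts, client, host in parse_hits(log_text):
        per_client[client].append((ts, host))
    flagged = {}
    for client, hits in per_client.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged[client] = sorted(hosts)
                break
    return flagged

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

A single site that legitimately serves a z.php page (10.0.0.9 in the sample) is not flagged, because the check counts distinct hosts rather than requests; widening `window` trades fewer misses for more false positives.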