Posted in GD as a public service.
The poster is not an employee of, or in any way associated with, Panda Software.
---
Weekly virus report
Virus Alerts, by Panda Software (http://www.pandasoftware.com)
Madrid, October 17, 2003 - Today's virus report will focus on three Trojans (Esepor.A, Mafia.A and the 'K' variant of Istbar) and a worm called Logpole.A.
Esepor.A is a Trojan that reaches computers in a file called TMKSRVL.EXE. When this file is run, this Trojan checks if there is an open connection to the Internet and, if there is, it automatically downloads and runs a file called XPINSTALL.EXE. This file creates and registers a dynamic link library called XPLUGIN.DLL, which is an Internet Explorer plugin, and goes memory resident when the user connects to the Internet through this browser. Esepor.A is easy to recognize, as it displays a pop-up ad with pornographic content.
The second Trojan in today's report is Mafia.A, which looks for passwords for Outlook Express mail accounts (SMTP, POP3 and HTTP-Mail) in the Windows Registry and obtains information on the hard disks, memory installed, operating system, user name, microprocessor, etc. In computers running Windows .NET Server/XP/2000/NT it also looks for passwords in the memory cache. This malicious code then sends out the information it has obtained via e-mail.
Istbar.K is a Trojan that, when the user visits certain web pages, displays a message on screen prompting the user to confirm whether ActiveX code can be run on the computer. If the user clicks on Yes, the ActiveX code downloads and installs several spy programs and malicious dialers and displays advertising web pages with pornographic content. Istbar.K also adds a toolbar to Internet Explorer and changes the home page of this browser.
The last malicious code in today's report is Logpole.A, a worm that spreads through the peer-to-peer (P2P) file sharing program KaZaA. When it is run, this malicious code goes memory resident. Logpole.A is difficult to recognize, as it does not display any warnings or messages that indicate that it has infected a computer.
For further information about these and other malicious code, visit Panda Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia
Additional information
- Cache: This is a small section of the computer's memory.
- Dynamic Link Library (DLL): A special type of file with the extension DLL.
- Resident: A program or file is referred to as resident when it is stored in the computer's memory, continuously monitoring operations carried out on the system.
More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx
NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.