Antivirus News


The Gagar CC and Mitglieder.LX Trojans, and the RaHack.BB worm

Posted in Viruses, Worms, Trojans, Panda, SpyWare by Antivirus-News on January 7th, 2007

Gagar CC is a Trojan that connects to a certain IP address and downloads
another Trojan called Alanchum.MU. The latter, in turn, downloads the
following malware onto the infected computer:

* Duel.A: This worm uses specific techniques in its code in order to
hide while it is active.

* Nuwar.B: This Trojan spreads via email and downloads another Trojan,
Gagar.CB, onto the infected computer.

* Spammer.ER: This Trojan supplies the email addresses to which
Nuwar.B is sent.

The second Trojan we are looking at this week is Mitglieder.LX.  This
malicious code downloads a file from several web pages and runs it on
the computer. The downloaded file is a variant of the Bagle worm.  It
passes itself off as a crack (a tool for removing protection from
original software) for a certain program.

RaHack.BB is a worm with no destructive effects.  Its main purpose, as
with all worms, is to spread to other computers. It can infiltrate
computers which have the Radmin remote-administration application by
exploiting weak passwords. Similarly, if the compromised computer is
part of a network, RaHack.BB will try to access shared resources on the
network and copy itself to them.

All users who want to know whether their computers have been attacked
by these or other malicious code can use ActiveScan, the free online
solution available at www.pandasoftware.com/activescan. It allows
users to scan their computers thoroughly if they suspect they have been
infected.
