Panda Software’s weekly report on viruses and intruders looks at three malicious codes: the Banker.FJI trojan and the Foamer.A and Spamta.NB worms.
Banker.FJI is a trojan that displays false login screens when users visit the web pages of certain Brazilian banks, such as Banco do Brasil, Bradesco or Itau. When users enter their login details in the spoof pages, or in the legitimate pages monitored by the Trojan, this data is entered in a text file which is then sent to the creator of the trojan.
It also monitors the Internet traffic generated when visiting websites related with Banco do Brasil.
Banker.FJI cannot spread automatically using its own means and therefore, needs an attacker to distribute it. The means of distribution used vary and include floppy disks, CD-ROMs, email messages with attachments, Internet download, files transferred via FTP, IRC channels, P2P file sharing networks, etc.
The trojan is easy to recognize once it has infected a computer, as when it is run it displays a message on-screen.
Foamer.A is a worm that tries to connect to a certain web page to download all sorts of files including malicious software. Another feature is that it disables the Windows Task Manager and Registry Editor and sends an email message to the creator with information about the affected computer, such as the user name and computer name.
On the other hand, if the user opens the CMD console, Foamer.A empties the screen, displays the message “THE WORLD-WIDE DONT ACCEPT COMMAND PROMPT!!!!” and then automatically closes it. This worm spreads across networks and is difficult to recognize at a glance, as it displays no messages or warnings to alert of its presence.
Finally, Spamta.NB is an email worm aimed at spreading a trojan called SpamtaLoad.BL. It does this by sending email messages with attachments that contain the trojan.
These messages have variable subjects and message texts, as does the file that contains SpamtaLoad.BL. This trojan downloads Spamta.NB on the system, so that cycle is repeated every time a computer is infected.
All users that want to know whether their computers have been attacked by these or other malicious code can use ActiveScan, the free solution available at: www.pandasoftware.com/activescan. Users can carry out a complete inspection, free of charge, of all the areas of their computers that they suspect may be infected.
For further information about these and other computer threats, visit Panda Software’s Encyclopedia http://www.pandasoftware.com/virus_info/encyclopedia/ or contact Panda Software
