Panda detects, blocks Alanchum.NX Trojan and all variants


Panda Software’s TruPrevent Technologies have detected and blocked the Alanchum.NX Trojan and all of its variants with no need to have identified them previously. As a result, users of these technologies have been protected against these threats since they emerged. The different variants of Alanchum are spreading in several waves of spam with a large variety of subjects, including: “230 dead as storm batters Europe”, “Saddam Hussein alive!”, “Chinese missile shot down Russian satellite” or “Fidel Castro Dead”.

Alanchum.NX is a downloader Trojan capable of downloading other files to the affected computer. According to PandaLabs, these files include updates of itself, which allows the Trojan to transform into a new variant with every update. One of these variants even uses rootkit techniques to hide on the affected computer. The various updates also trigger several waves of infected messages with different subjects, as every new variant changes the subject of the messages it sends out.

“This is not the first time that we see a malicious code that can update itself; however, this one is incredibly active. In fact, the author of these Trojans is trying to create some kind of botnet, that is, a group of computers infected by a malicious code that can perform all actions commanded by the hacker automatically and simultaneously. This is a novelty with regard to propagation of malicious code and taking full advantage of each infection”, explains Luis Corrons, technical director of PandaLabs.

Alanchum.NX and its variants arrive in files with names such as “video.exe” or “full_video.exe”, attached to emails with variable subjects, such as those mentioned above. If the user runs the attached file, Alanchum or one of its variants installs on the target computer. This could lead to the computer being controlled remotely, and used to send out spam or attack other computers without the user’s knowledge. The Trojan can also download other malware specimens to the system.
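The delivery pattern just described (a topical lure subject plus an executable attachment named like a video clip) is something a mail gateway can screen for before a user ever sees the message. The following is an added example, not code from Panda Software or the original article: it parses messages with Python’s standard `email` library and flags the lure subjects and attachment names quoted in the article, any attachment carrying a Windows-executable extension, and any attachment whose bytes begin with a PE (“MZ”) header regardless of the name it was given. The executable-extension list, the “MZ” check and the block/review/allow verdict logic are my assumptions, and the sample messages are constructed fixtures rather than real captures.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath
from typing import Optional

# Lure subjects and attachment names quoted in the article (lower-cased for matching).
LURE_SUBJECTS = {
    "230 dead as storm batters europe",
    "saddam hussein alive!",
    "chinese missile shot down russian satellite",
    "fidel castro dead",
}
LURE_ATTACHMENT_NAMES = {"video.exe", "full_video.exe"}
# Extensions Windows will execute directly. Assumed list, not taken from the article.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def build_message(subject: str, attachment_name: Optional[str], payload: bytes) -> bytes:
    """Construct a sample RFC 5322 message (test fixture, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("See attached.")
    if attachment_name is not None:
        msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                           filename=attachment_name)
    return msg.as_bytes()


def analyze_message(raw: bytes) -> dict:
    """Return the indicators found in one raw message and a gateway verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    subject = (msg["Subject"] or "").strip().lower()
    if subject in LURE_SUBJECTS:
        findings.append("lure_subject")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = PurePosixPath(name).suffix          # last extension, so "clip.avi.exe" -> ".exe"
        content = part.get_content()              # bytes for application/*, str for text/*
        if isinstance(content, str):
            content = content.encode("utf-8", "replace")
        if name in LURE_ATTACHMENT_NAMES:
            findings.append("known_attachment_name")
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append("executable_extension")
        if content[:2] == b"MZ":                  # PE/DOS header, whatever the file is called
            findings.append("pe_header")

    # Assumed policy: anything executable is blocked outright; a lure subject alone
    # is queued for review rather than dropped, since real news uses the same headlines.
    if {"pe_header", "executable_extension", "known_attachment_name"} & set(findings):
        verdict = "block"
    elif findings:
        verdict = "review"
    else:
        verdict = "allow"
    return {"subject": str(msg["Subject"]), "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60       # constructed stand-in for a PE file header
    samples = [
        build_message("Fidel Castro Dead", "video.exe", pe_stub),
        build_message("Quarterly report", "report.pdf", pe_stub),      # PE renamed to .pdf
        build_message("Saddam Hussein alive!", None, b""),             # lure subject, no file
        build_message("Lunch on Friday?", "notes.txt", b"see you at noon"),
    ]
    for raw in samples:
        result = analyze_message(raw)
        print(f'{result["verdict"]:6} {result["subject"]!r} {result["findings"]}')
```

The subject match is deliberately the weakest signal: the article notes that the lure changes with every variant, so a subject list is stale almost immediately, whereas an executable attachment, or a file whose bytes say PE no matter what its name claims, is a stable property of the delivery method itself.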

“This is a typical example of use of social engineering techniques to infect users. Cyber-crooks use current stories to spread their malware creations and trick users into opening attached files. Also, to increase the chances of infection, they use a great variety of issues, so that it is more difficult for users to be sure whether they have received a message that might be of their interest or not”, explains Corrons.