SpreadBanker.A worm uses malicious video on YouTube

A new worm, SpreadBanker.A, uses a YouTube video to trick users and spread, according to PandaLabs. The worm has two components. When the user runs the first of these, it connects to the YouTube page and displays a video. The problem is that at the same time it is downloading the second part of the worm.

SpreadBanker.A is programmed to steal passwords entered in several online banks. Similarly, it can steal the login details for a range of games including Age Of Mythology, GTA, Unreal Tournament, WarCraft or Final Fantasy.

It also makes modifications to the Windows registry and creates copies of itself in several folders belonging to P2P file-sharing applications. These copies have enticing names such as “sexogratis” (free sex) or “crackwindowsvista” to attract users of these networks and spread.

The worm also modifies the hosts file to block access to several web pages related with security products.

“Malware is becoming increasingly sophisticated. In this case it combines the propagation features of worms with the ability of trojans to steal passwords. This way, cyber-crooks hope to squeeze the maximum profit out of each infection”, explains Luis Corrons, technical director of PandaLabs.

Panda Software’s TruPrevent Technologies have detected and eliminated this malicious code without having previously identified it, and users with these technologies installed have been protected at all times.

More information about this and other threats is available in Panda Software’s Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/

All users that want to know whether their computers have been attacked by this or other malicious code can use TotalScan or NanoScan beta, the free, online solutions available at http://www.infectedornot.com.