Panda looks at Gagar, Mitglieder and RaHack.BB worm

Panda Software’s weekly report on viruses and intruders looks at the Gagar.CC and Mitglieder.LX Trojans, and the RaHack.BB worm.

Gagar.CC is a Trojan that connects to a certain IP address and downloads another Trojan called Alanchum.MU. The latter, in turn, downloads the following malware onto the infected computer:

* Duel.A: This worm uses specific techniques in its code to hide itself while it is active.

* Nuwar.B: This Trojan spreads via email and downloads another Trojan, Gagar.CB, onto the infected computer.

* Spammer.ER: This Trojan supplies the email addresses to which Nuwar.B is sent.

The second Trojan we are looking at this week is Mitglieder.LX. This malicious code downloads a file from several web pages and runs it on the computer. The downloaded file is a variant of the Bagle worm. It passes itself off as a crack (a tool for removing protection from original software) for a certain program.

RaHack.BB is a worm with no destructive effects. Its main purpose, as with all worms, is to spread to other computers. It can infiltrate computers that have the Radmin remote-administration application installed by exploiting weak passwords. Similarly, if the compromised computer is part of a network, RaHack.BB will try to access shared resources on the network and copy itself to them.

Users who want to know whether their computers have been attacked by these or other malicious code can use ActiveScan, the free online solution. It allows users to thoroughly scan their computers if they suspect they have been infected.