Symantec Blogs: Security Response

John McDonald | March 4th, 2008

We have analysed samples of malware calling itself 'MonaRonaDona', which is creating a buzz on Internet forums. In a nutshell, the sole purpose of the malware appears to be to prompt the user to enter the term "MonaRonaDona" into a search engine. This is an attempt to lead them to an application that can remove the unwelcome threat - a fix that has obviously been conveniently provided by the very people who created the virus in the first place.

When the Trojan executes, it creates the file SRVSPOOL.EXE in the startup folder of all user accounts and displays the following alert on the compromised computer:

[Image: the MonaRonaDona alert (monaronadona_cropped.jpg)]

The threat will stop the following applications if their name appears in the Windows title bar and the title bar will also contain a reference...

John McDonald | September 9th, 2007

A new variant in the family of worms Symantec calls "Pykspa" - W32.Pykspa.D - is targeting Skype Instant Messenger. It spreads by using Skype's chat function, sending a message to contacts containing a link to what appears to be a harmless .jpeg file, but which, if clicked on, actually downloads and runs a copy of the worm on the user's computer. In an attempt to disguise this activity, the worm displays a legitimate Windows image (if it exists on the victim's machine): the bitmap file Soap Bubbles.bmp, contained by default in the Windows installation directory. So if you saw the image below recently after clicking on a link contained in a Skype message from someone, chances are your machine is infected.

[Image: Soap Bubbles.bmp]...

John McDonald | July 26th, 2007

One of our team members received an unsolicited but interesting email recently confirming his new account at a certain website, and containing the login username and password. The email was addressed to him personally using his full name, so undoubtedly his details were mined from somewhere on the Internet.

Using a secure computer he investigated by going first to the root directory of the domain in the email, and found that it appeared to be a legitimate site. However, upon then moving to the directory which was part of the login URL contained in the email, he discovered exploit code targeting the Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability (BID 16644).

The page contains shell code that downloads and runs an executable file which in turn drops other malware onto the computer. This malware is injected into the explorer.exe process and scans all directories...

John McDonald | April 8th, 2007

Over the weekend Security Response received samples of the latest variants of Trojan.Peacomm and W32.Mixor doing the rounds. The social engineering trick employed this time is to appeal to people's sense of fear, as well as their natural curiosity, about a possible Middle East war involving the United States, Iran and Israel.

Subjects include "USA Just Have Started World War III" / "Missle Strike: The USA kills more then 20000 Iranian citizens" / "Israel Just Have Started World War III" / "USA Missile Strike: Iran War just have started". From the sample emails that we have seen to date, the actual email body is blank, and the attached files have various names such as "video.exe", "movie.exe", "click here.exe", "clickme.exe", "readme.exe" and "read more.exe".

Proactively detected by Symantec antivirus software as Trojan.Packed.13, the underlying threats are actually nothing new. They are simply minor variants of Trojan.Peacomm and W32.Mixor (named W32.Mixor.AR@mm in...

John McDonald | October 1st, 2006

It is often said that an antivirus (AV) product is only as good as its most recent signature update; however, that's not strictly true. Even if your AV definition set is months out of date, it will still protect you from some of the worst viruses and worms of all time: Mydoom, Netsky, Bugbear, Sasser, Klez, Sobig, and Nimda, for example. On the other hand, the statement does hold some truth. While an AV product won’t protect a computer from every new threat right from the moment that threat is unleashed into the wild, most AV companies are very quick to add protection for new threats and make that updated protection available to their customers—usually within hours. Given that most threats spread relatively slowly (with a few notable exceptions, such as Slammer (W32.SQLExp.Worm), which only affected certain systems running specific software), the...