Viruses & Malware

First Trojan To Directly Target Microsoft Anti-Spyware

posted on February 10, 2005
by hitbsecnews

The Register is reporting that the first trojan to specifically affect Microsoft's Anti-Spyware program has been released. Called BankAsh-A, the trojan steals credit card and other info, turns off anti-virus programs (and disables the beta Microsoft anti-spyware software), deletes files on the computer and downloads code from the internet as well as installing more malware on the computer.

MSN Messenger worm seeds zombie networks

posted on February 5, 2005
by hitbsecnews

A worm spreading via MSN Messenger is turning infected Windows PCs into zombie drones. The Bropia-F worm spreads by offering "sexy image files" to IM contacts of infected users.

Instead of racy documents, users who accept and open infected files get a comical photo of a roasted chicken with a bikini tan line. In the background, Bropia-F installs a variant of the infamous Agobot (AKA Phatbot or Rbot) worm, opening a backdoor on infected systems. The bot can then be used to collect system information, log keystrokes and relay spam.

Saddam Hussein "death" virus on loose

posted on February 4, 2005
by hitbsecnews

BRITISH ANTIVIRUS firm Sophos warned that a version of the Bobax-H worm is on the loose, disguised as pictures of a dead Saddam Hussein.

According to Sophos, the worm carries different message warnings such as "Saddam Hussein: Attempted Escape. Shot Dead".

Other versions carrying the same payload claim to have pictures of a captured Osama Bin Laden.

Sophos said the worm, if activated, carries the same payload as the Sasser worm exploited.

Graham Cluley, marketing director at Sophos, warned that many people opened emails to be abreast of the news.

New Bropia worm rated "code orange"

posted on February 4, 2005
by hitbsecnews

Korean security specialists at Global Hauri are warning of a new variant of the recently discovered Bropia worm, which is more dangerous than its predecessor.

Symptoms include a file, seemingly sent from a "buddy," which is loaded with the virus and infects the PC as soon as it is opened. Remote access hijacks the infected PC. Volume differences and right mouse click might indicate to the PC user that something is wrong.

Mass mailed worms here to stay

posted on February 2, 2005
by hitbsecnews

Predictions of the demise of the mass-mailed worm are premature, a security researcher said Tuesday [US].

"I think that's maybe wishful thinking," said Pete Simpson, the manager of ClearSwift's threat lab as the security firm released its annual 2004 retrospective report.

The 'hacker tool' worm that gurned

posted on February 2, 2005
by hitbsecnews

The old English practice of gurning, in which participants pull a funny or scary face, is being used by a newly discovered worm to distract PC users while their machines are being compromised.

The Wurmark-F worm, a variant of Wurmark-D which began spreading last month, arrives as a zipped email attachment and displays a picture of an old man pulling an impressive gurn.

Meanwhile the worm installs itself in the Windows system folder, along with a new version of the Rbot worm, which spreads via networks without the need for user interaction.

Virus top 10: Zafi still clinging onto Xmas

posted on February 2, 2005
by hitbsecnews

A Christmas-themed variant of the Zafi virus continued to plague networks and systems long after the last of the turkey had been eaten, accounting for almost half the virus reports in January.

MySQL Attack Signals 'Bot' Trouble

posted on January 29, 2005
by hitbsecnews

A "bot" -- a piece of malicious software that can spread and function much like a computer virus or worm -- is seizing on vulnerable MySQL database software running on Windows systems to spread and scan for new victims.

While the MySQL Bot, also known as the Spool CLC, is mitigated by the limited number of Windows machines running MySQL, it managed to infect nearly 10,000 machines with an initial breakout, according to security experts.

Government concerned about MySpooler worm

posted on January 29, 2005
by hitbsecnews

The National Infrastructure Security Co-ordination Centre (NISCC) has issued an alert over the MySpooler worm reported yesterday, which threatens Windows servers with weak passwords for root access to MySQL.

NISCC, which was set up to minimise risk to the UK's critical national infrastructure from electronic attacks, posted the warning on its Web site after its Australian counterpart AusCERT alerted users to the worm. It highlighted that the worm's most destructive feature is its potential ability to facilitate massive distributed-denial-of-service attacks.

Bagle.BK and Bagle.BL are Breeding at an Enormous Rate

posted on January 28, 2005
by hitbsecnews

Both worms are designed to spread rapidly via email, and using P2P applications like KaZaA. Panda Software's international support network has already begun to register incidents caused by Bagle.BL in countries such as Holland and the USA, and it is likely, given the characteristics, that the number of computers affected by the worms will start to increase. With this in mind, Panda Software has set the virus alert level at orange.