PandaLabs: the four most dangerous viruses of the week
9th April 2007
PandaLabs has published its report on the most widespread threats of the past week. The company's specialists are warning users about the trojans Therat.B and Alanchum.UG, the backdoor trojan Redirection.A and the worm TellSky.A.

Therat.B is a trojan designed to record the keys pressed by the user. Malicious software of this kind is commonly called a keylogger. It also steals passwords stored by the browser's AutoComplete feature, which automatically fills in the user's name and password online after the first one or two letters are typed. The purpose of Therat.B is to steal user names, passwords, web addresses and similar data. The collected information is then sent to the trojan's developer by e-mail. The trojan starts every time the system boots.

The Alanchum.UG trojan belongs to the Alanchum family, one of the most active types of malicious software in recent months. It usually reaches the computer by way of another piece of malicious code, which downloads the adware program CWS in addition to Alanchum.UG. The trojan searches for all e-mail addresses stored on the infected computer and then places them on a web page. It starts every time the system boots. To conceal its processes, and so hamper its discovery, the trojan uses rootkit techniques.

The malicious code Redirection.A opens a backdoor on the infected computer and then connects to an IRC server, which makes the computer available for remote control. This code can perform a range of malicious actions, among them gathering information about the infected system (IP, characteristics, etc.) and activating an FTP server to download and run other malicious files on the computer. Redirection.A is also designed to scan IP ranges in search of computers with a VNC program installed. Such a program allows a computer to be controlled remotely. If Redirection.A finds a computer with a VNC program installed, it immediately installs itself on that system. In addition, this trojan can uninstall itself from the computer; during uninstallation it removes all the entries it has made in the registry, which makes it even more difficult to detect.

The worm TellSky.A copies itself to the hard drive under names such as Girl.exe or Downloader.exe. Once on the computer, it starts every time the system boots. The first time the computer is booted, the worm displays an error message. The purpose of this message is to distract the user while TellSky.A carries out malicious actions such as disrupting the operation of the antivirus and the firewall. The worm then tries to connect to a web page from which other malicious files can be downloaded. TellSky.A disables some system options, such as Launch to Start menu and Folder features. Most of these modifications are made to lower the security level or to block functions that could help locate the threat.