Micheal Jackson Trojan
July 15, 2010
Panda Security's weekly report on viruses and intruders
Virus Alerts, by Panda Security (http://www.pandasecurity.com)
This week's PandaLabs report looks at the Downloader.WFC Trojan, the virus Brontok.KN and the adware AVProtection 2009.
Downloader.WCF reaches computers in an email that includes a link claiming to point to a video of Michael Jackson's death on YouTube.
On clicking the link, users download a file that passes itself off as a video. On running the file, they really install the Downloader. WCF Trojan.
To fool users, the Trojan redirects them to a legitimate web page displaying an article about Michael Jackson to make them believe the file has run correctly. You can see a photo of the page here: http://www.flickr.com/photos/panda_security/3683160701/
Brontok.KN is a virus designed to infect executable (.exe) files. The infected files have a folder icon and the name of the existing folder.
Additionally, it deletes files corresponding to several antivirus programs, and ends processes related to security programs and applications such as the Task Manager or the Command console.
Finally, AVProtection2009 is an adware aimed at selling users a fake antivirus. When it runs, it simulates the installation of a legitimate antivirus. http://www.flickr.com/photos/panda_security/3683183147/
It then carries out a false scan of the affected system, supposedly detecting threats on the PC.
Afterwards, it informs users that the software is a trial version and that they must purchase a pay version to disinfect the computer.
If users do not purchase the pay version, it also displays pop-up messages.
The objective is to profit from selling the premium version of spoof antiviruses.
More information about these and other malicious codes is available in the Panda Security Encyclopedia
You can follow Panda Security's activity online on Twitter (http://www.twitter.com/panda_security), and the PandaLabs blog (www.pandalabs.com)
Also watch emails about Photo Albums and News Articles.