A New Variant of the Mitglieder Trojan Is Being Mass Mailed
Mitglieder.CG is designed to disable the security solutions installed on the computer and then download other malware from the Internet
PandaLabs has detected the mass mailing of spam that contains the new and dangerous CG variant of the Mitglieder Trojan (also known as Bagle.bn by other security companies). Data collected by the international PandaLabs network shows that this new malicious code is starting to spread rapidly across several countries.
The email messages in which this new Trojan has been detected have a blank subject and message body and include an attached file called work.zip. However, users should be careful: this Trojan is being spammed out manually or through zombie computers, so the characteristics of the email message carrying Mitglieder.CG could be totally different.
If the user runs the file containing Mitglieder.CG, the Notepad application opens, displaying the word “Sorry”. At the same time, a file called winshost.exe is created in the Windows system directory on the affected computer. When the computer restarts, this file runs and creates another file called wiwhost.exe. That file modifies the hosts file so that the user cannot access certain websites, mainly websites related to antivirus programs and IT security.
In addition, the Trojan deletes files and Registry entries and stops processes related to security applications that could be installed on the computer.
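The two artifacts described above (the dropped file names and the tampered hosts file) can be checked for with a short script. This is an added example, not PandaLabs code; the keyword list, the assumption that blocked sites are pointed at a loopback or unspecified address, and the sample hosts content are constructed for illustration because the article does not list the blocked sites.

```python
import ipaddress

# File names the article says are created in the Windows system directory.
DROPPED_FILES = {"winshost.exe", "wiwhost.exe"}

# Assumption: illustrative keywords standing in for "antivirus and IT security" sites.
SECURITY_KEYWORDS = ("virus", "security", "firewall")

# Constructed sample hosts file (not taken from an infected machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   www.antivirus-vendor.example   # blocked
0.0.0.0     update.security-vendor.example downloads.example
192.0.2.10  intranet.example
"""

def is_sinkhole(addr):
    """True if addr is a loopback or unspecified address (127.0.0.1, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def suspicious_hosts_entries(hosts_text):
    """Return (line number, address, hostname) for security-related names that are sinkholed."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:
            lname = name.lower()
            if any(keyword in lname for keyword in SECURITY_KEYWORDS):
                findings.append((lineno, fields[0], lname))
    return findings

def dropped_files_present(filenames):
    """Return the dropped-file names found in a directory listing, case-insensitively."""
    return sorted(DROPPED_FILES & {name.lower() for name in filenames})

if __name__ == "__main__":
    for lineno, addr, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts line {lineno}: {name} -> {addr}")
    print(dropped_files_present(["Notepad.exe", "WINSHOST.EXE", "kernel32.dll"]))
```

On a live system, pass the contents of the hosts file and `os.listdir()` of the Windows system directory instead of the constructed sample.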
According to Luis Corrons: “The aim of Mitglieder.CG is to download malware to the computer. It does this by connecting to a large number of Internet addresses and trying to download files, which could predictably contain other malware, such as backdoors, spyware, adware, bots, etc. This allows the authors of this malicious code to create networks of infected computers in order to launch attacks on other computers or collect hundreds of thousands of email addresses to send spam to.”
Due to the wide circulation of this Trojan, Panda Software advises users to take precautions and to update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.
Panda Software’s clients can already access the updates for installing the new TruPrevent™ Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent™ Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection. More information about TruPrevent™ Technologies at: http://www.pandasoftware.com/truprevent.
In order to help as many users as possible scan and disinfect their computers, Panda Software offers Panda ActiveScan, free of charge, at http://www.pandasoftware.com. ActiveScan is also available to webmasters that want to include it on their websites. Those who would like to include it on their sites can request the HTML code from http://www.pandasoftware.com/partners/webmasters/
Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software’s website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.
For further information about Mitglieder.CG, visit Panda Software’s Virus Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/
About PandaLabs
On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/