Weekly Report on Viruses and Intruders – backdoor Trojans Hupigon.BS and Fuetel.T and hacking tools KGBSpy, Cmdow.A and Processor
Hupigon.BS is a backdoor Trojan designed to receive remote commands. The actions this malicious code can carry out on affected computers include intercepting keystrokes, as well as stealing, downloading and running files. What’s more, it can capture screenshots or check the processes that are running. To do this, it injects its own dynamic link library (DLL). Another backdoor Trojan, Fuetel.T, is closely related to Hupigon.BS, as it installs this malicious code on the system.
Like other malicious code of this kind, neither Hupigon.BS nor Fuetel.T can spread by its own means; both need to be manually distributed by a malicious user. The means of distribution vary and include floppy disks, CD-ROMs, email messages with attachments, Internet downloads, files transferred via FTP, IRC channels, P2P file sharing networks, etc.
KGBSpy is a hacking tool. Programs of this kind, which are legitimate tools and useful when used correctly, can be used by hackers for malicious purposes. KGBSpy logs the keystrokes entered by the user and filters them so that only the characters typed are logged. One of the main dangers of this malicious code is that it can be run in stealth mode, so the user will not know that it is installed. KGBSpy can automatically send out the information it collects via email or FTP.
The second hacking tool in today’s report is Cmdow.A, a command-line utility that does not need to be installed on the computer to carry out its actions. Cmdow.A affects the windows that are opened on the system so that it can move them, change their size or rename them, for example. Even though Cmdow.A is not dangerous in itself, it can be used to prevent the user from noticing the windows that are opened by the programs being run or installed.
Finally, Processor is another command-line application that can be executed locally or remotely. It is programmed to collect information about the processes running on the affected computer and can end them, close them or even open them again later on.
To prevent this malware or any other malicious code from affecting your computer, Panda Software recommends keeping antivirus software up to date. Panda Software clients can already access the updates to detect and disinfect this malicious code.