Weekly Virus Report – Pursue and CrackBox Trojans, Prestige Worm

Two Trojans -Pursue (JS/Pursue) and CrackBox (Bck/CrackBox)-, and the Prestige worm (W32/Prestige) are the focus of this week’s virus report by Panda Software for the second week of December.

The Trojan, Pursue contains Java script code that can be included in any web page, infecting all user computers that visit the site. This Trojan creates and modifies various entries in the Windows Registry so that the infected computer will shut down every time it is started. In addition, it will attempt to prevent access to the Windows Registry via editing tools such as “Regedit”, and will display a black screen in the browser, which depending on the position of the mouse, will display blocks of different colors.

The second Trojan known as CrackBox, whose principal objective is to infect a large number of computers and attempt to connect them to a web page so that it can launch a massive attack. This Trojan is very easy to recognize because a message appears in the infected computer announcing its presence.

CrackBox can reach computers through any means (e-mail, FTP, diskettes, etc.), in a file named “CRACKERBOX.EXE”. When the file is opened, the Trojan will infect the computer and go memory resident so that it can access a web page. It will also leave open the following ports: 1024, 1025 or 1026 TPC and UDP.

The last malicious code, Prestige, spreads using a camouflage technique under the guise of information relating to the environmental catastrophe currently affecting Spain. The effects of this worm are more annoying than damaging, after infecting a computer it displays windows requesting the installation of a Plug-In (or update of a program), in order to view photos of the sunken Prestige.