Panda Software Reports the Appearance of Redlof.B

Its predecessor, Redlof.A, tops the list as the most frequently detected virus in Asia, according to the data compiled from Panda ActiveScan, the free, online antivirus solution

Panda Software’s Virus Laboratory has detected the appearance of a new e-mail worm called Redlof.B. This new malicious code is a variant of Redlof.A, the virus most frequently detected in Asia by the free, online antivirus solution Panda ActiveScan.

Although it has similar characteristics to its predecessor, Redlof.B uses a different encryption routine and is classified as a polymorphic worm.

The new worm has no destructive effects, its main objective being to infect as many computers as possible, which it does quite effectively. Once installed in the computer, Redlof.B copies its code into HTT files, which are used by the operating system to view system folders in web page format.

Every time the user opens a folder, the worm code executes, infecting any of the following file types: ASP, HTML, HTM, VBS, PHP and JSP.

Redlof.B spreads using e-mail and hides its code inside the background design sent by users with Microsoft Outlook e-mail client. Once the e-mail has been received it takes advantage of a known component vulnerability in VM ActiveX, through which it is possible to execute the virus by viewing an infected HTML page.

Finally, Redlof.B will create new entries in the Windows registry so that it can execute itself every time the computer is booted.

To protect yourself from these viruses, Panda Software recommends that you update your antivirus solution. The leading antivirus software developer has made the following update available to detect and eliminate this worm; it can be downloaded from . You can also find detailed technical information about Redlof.A and Redlof.B in Panda Software’s Virus Encyclopedia.

Don't miss