Panda Software’s Virus Laboratory has detected the appearance of a new mass-mailing worm called Lohack.B. This malicious code uses so-called social engineering, as, for example, it tricks users into thinking that the message has been sent from trustworthy sources, for example the Spanish Ministry of Science and Technology or the multinational antivirus manufacturer Panda Software. It is also capable of exploiting a known vulnerability in the Microsoft browser Internet Explorer in order to run automatically when the message carrying the worm is viewed through the preview pane.
Lohack.B reaches computers in an e-mail message, which is always in Spanish, with the following characteristics:
– Ministerio de Ciencia y Tecnologia [email@example.com]
– Panda Antivirus [firstname.lastname@example.org]
Subject: The many possible subjects include:
– Informaci??n sobre la LSSICE
– Informaci??n sobre la LSSICE y sus consecuencias
– Nuestras libertades en internet en peligro
– FW:AVISO IMPORTANTE: un nuevo virus llamado LSSICE aparece en internet
– FW:CAMPA?â€˜A de informaci??n sobre la LSSICE
Message: One of the possible texts is:
PandaSoftware Antivirus acaba de publicar su ??ltima
herramienta para remover el gusano hop.a Esta
herramienta no solo remueve de su sistema el
gusano/virus si es encontrado, sino que le protege
de posibles infecciones futuras.
The file attached to this message, which contains Lohack.B, always has an exe or scr extension.
The tech support services at Panda Software have not yet received incidents involving this worm, however, it is advisable to treat all e-mails received with caution.
About Panda Software’s virus laboratory
On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.