This week’s report will look at the “N” variant of Mimail, a hacking tool called “Xcmd.A”, and the Trojan Dluca.D.
Mimail.N spreads via e-mail in a message that contains a file called P-APP.ZIP. In order to trick users and spread to as many computers as possible, Mimail.N uses “social engineering” techniques: the e-mail that carries it refers to the well-known payment system PAYPAL.
Once it is run, Mimail.N shows several fake PAYPAL forms on screen in order to trick users into entering confidential data such as their credit card numbers, personal identification numbers, e-mail addresses, etc. Mimail.N also changes the home page of the Internet Explorer browser on affected computers.
Xcmd.A is a hacking tool that allows malicious users to run other applications on remote computers. To do this, the hacker must have administrator rights on the remote system.
Xcmd.A allows a Telnet connection to be established with a remote computer even if there is no Telnet server on the targeted system. It also allows hackers to run DOS commands, such as dir, on the victim’s machine. Xcmd.A is not a risk in itself, but the applications run on the remote computer could be of any type, including Trojans and backdoors.
Finally, Dluca.D is a Trojan that attempts to download malware from the Internet. Once installed on a computer, the Trojan is listed in the Control Panel’s Add/Remove Programs section, which allows users to uninstall it successfully from their computers.