Panda Reports on the Tasin Family of Worms
PandaLabs has detected the appearance of the A, B and C variants of the Tasin worm. All these worms spread rapidly by email, use some kind of trick to distract users while they mass-mail themselves from the computer, and delete a large number of system files.
Tasin.A was first detected a few days ago, and although it hasn’t been the center of any explosive propagation, it has gradually been creeping up the ranking of the viruses most frequently detected by Panda ActiveScan. The worm arrives in an email message written in Spanish. Both the email subject and the text are highly variable, selected from a random list of options including:
Subject:
re:xD no me lo puedo creer!! (I can’t believe it!!)
re:Crees que puede ser verdad? (Do you think it could be true?)
re:Amor verdadero (True love)
Text:
No veas que cosas xD,luego me cuentas,chao. (You want to see some things. We’ll speak later. See you)
Crees en el amor de verdad?,miralo y ya hablamos,ciaooo (Do you believe in true love? Have a look and we’ll speak)
Mira lo que te mando y ya verás que los detalles mas pequeños son los que importan,ciaoo (Have a look at what I’m sending you and you’ll see that the small details are the most important)
Attachment:
D-Incógnito.zip
Love-Me.zip
El_rechazo.zip
If the attachment is run, Tasin.A creates several files on the computer. Some of these contain copies of the worm itself, while others are used to carry out malicious actions. At the same time, it displays windows with messages that give the impression that it is some kind of game. However, this is a trick to distract users’ attention so that they don’t realize that the worm is sending itself out rapidly via email.
In any case, the greatest danger of Tasin.A is that it is programmed to delete a large number of files, with serious consequences for the computer. Tasin.A also connects to an Internet address to download and run other malware on the infected system. It also makes a Windows Registry entry to ensure it is run on every system startup.
Tasin.B and Tasin.C, detected just a few hours ago, are variants that are similar to the original in that they are sent out by email and delete many system files. There are, however, significant differences. For example, when a user runs the file containing Tasin.B, a message is displayed saying the document is corrupt. Tasin.C downloads and displays an erotic image of a well-known Spanish person.
To prevent incidents involving Tasin, Panda Software advises users to take precautions and keep their antivirus software updated. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.