New Mitglieder Trojan variant spreads worldwide

PandaLabs reports a new variant of the Mitglieder Trojan, named Mitglieder.FK, that has reached computers all over the world. In the last few hours this variant has been distributed manually using spamming techniques and has infected a large number of computers.

The Trojan arrives in e-mail messages with variable characteristics: the message has no subject, the body contains the text “info” or “texte”, and in every case there is a compressed attachment whose name is taken from the following list:

Health_and_knowledge.zip
Sms_text.zip
Max.zip
Business.zip
The_new_price.zip
Info_prices.zip
Business_dealing.zip

Each attachment contains an EXE file that is a copy of the Trojan; if it is opened, it infects the system. The Trojan then tries to contact a series of URLs and download a file from them, which is supposed to be copied to the Windows system directory with the name exefld\ and a random number appended. These URLs are hosted on domains in countries such as Russia, Poland and Germany. The Trojan also modifies two registry keys to ensure that it runs at every startup.
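The delivery traits described above (no subject, a body of “info” or “texte”, a listed ZIP name, an EXE inside the archive) can be checked at a mail gateway. The following Python is an added example, not PandaLabs code; the function names, trait labels and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment names listed in the report (compared case-insensitively).
ATTACHMENT_NAMES = {n.lower() for n in (
    "Health_and_knowledge.zip", "Sms_text.zip", "Max.zip", "Business.zip",
    "The_new_price.zip", "Info_prices.zip", "Business_dealing.zip")}
BODY_TEXTS = {"info", "texte"}

def zip_has_exe(data: bytes) -> bool:
    """True if the ZIP lists an .exe member; unreadable archives count as False."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith(".exe") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False

def matches_report(raw: bytes) -> list[str]:
    """Return the report's traits (hypothetical labels) found in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = [] if (msg["Subject"] or "").strip() else ["no-subject"]
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip().lower() in BODY_TEXTS:
        hits.append("body-text")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in ATTACHMENT_NAMES:
            hits.append("attachment-name")
            if zip_has_exe(part.get_content()):
                hits.append("exe-in-zip")
    return hits

def build_sample(subject: str, text: str, filename: str, member: str) -> bytes:
    """Constructed test message; the ZIP member holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not executable code")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = subject
    msg.set_content(text)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(matches_report(build_sample("", "info", "Max.zip", "max.exe")))
```

A missing subject or a one-word body is common in legitimate mail, so a filter would act on the combination of traits rather than on any single one.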

“Even though the Trojan doesn’t seem to be technically sophisticated, it has infected a significant number of computers, probably because it has been massively distributed to a great number of email addresses”, states Luis Corrons, director of PandaLabs.

To prevent Mitglieder.FK or other malicious code from getting into your computer, Panda Software advises all users to keep their antivirus software up-to-date. Panda Software has already made the corresponding updates to detect and eliminate this new malicious code available to clients.
