Weekly Report on Viruses and Intruders – Inqtana.A, SpyBot.AAV and Trojan Torpig.AE
This week’s report focuses on four malicious codes. The first of these, following in the wake of the code that we reported last week for Mac OS/X, is Inqtana.A. We’re also looking at the bot SpyBot.AAV and the Trojan Torpig.AE, both of which are designed for stealing confidential information, as is Briz.A, which has led to the uncovering of a complex network for creating data-stealing Trojans.
Inqtana.A is a worm that only affects computers with the operating system Mac OS X 10.4 installed, although it has no destructive effects, it only spreads itself (via Bluetooth) in order to affect as many computers as possible.
If the affected user accepts it or the system is configured to accept requests without the user’s approval, Inqtana.A copies its files in the default file exchange directory. If the computer also has the CAN-2005-1333 vulnerability, Inqtana.A copies its files in a special folder of the operating system. In this way, the worm ensures that it is run whenever the computer is started.
SpyBot.AAV and Torpig.AE collect a range of information from computers, such as the IP address, free memory space, operating system, RAM, microprocessor speed, etc. They then send this information to their creators.
However, the most notable code this week is Trj/Briz.A, not so much for the code itself but for the network of crimeware that has been discovered thanks to this Trojan. The code collects information about passwords and activity on the computer that it has infected.
The designers of Briz.A are part of the new business model arising among the creators of malware. Instead of creating code purely for fun they are now doing so for financial gain, both through selling the code (a customized version of Briz.A is on offer for $990) or by fraudulently using the data obtained.