Weekly Report on Viruses and Intruders - CXOver.A, Banker.CHG and Cryzip.A Trojans

Panda Software has published its weekly report on the most significant viruses and intrusions. Based on the information compiled by PandaLabs, three Trojans with very different functions stand out this week: CXOver.A, Banker.CHG and Cryzip.A.

CXOver.A is malicious code that spreads over ActiveSync connections between computers with the .NET platform installed and mobile devices, such as PDAs or cell phones. When it is run, it checks whether the computer is connected to a mobile device through ActiveSync and creates a copy of itself on the device. Then, if the affected mobile device is connected to another computer through ActiveSync, CXOver.A will send a copy of itself to that computer. CXOver.A also deletes the files from the My Documents folder on the mobile device.

The other malicious codes in today’s report are other examples of the new dynamic used by malware writers. The first, Banker.CHG, is another member of the Banker family, specialized in theft of passwords for accessing online banking systems. This Trojan goes memory resident, checking the pages accessed by the user.

When the page viewed in the browser coincides with one of the URLs that Banker.CHG has stored in its code, it redirects the user to another site with the same appearance, but controlled by a hacker. Banker.CHG cannot spread automatically using its own means and therefore needs an attacker to distribute it.

Finally, we have a clear example of hackers’ interest in defrauding users. PandaLabs has reported the appearance of Cryzip.A, a Trojan that compresses files with many different extensions, including CGI, DBX, DOC, DSW, JPG, MDB, PDF, TXT, XLS, etc., into a ZIP file and password-protects them. Users cannot open the files until they get the password by following the instructions left by Cryzip.A in a text file. If this Trojan has infected your computer, the password for decompressing the files is C:\Program Files\Microsoft Visual Studio\VC98.

As well as these malicious codes, PandaLabs has warned users of two vulnerabilities that have been corrected by Microsoft. The first update, reported in Microsoft Security Bulletin MS06-011, corrects an error that could allow an attacker to gain control of the affected system. An attacker could therefore install programs with serious consequences or carry out any task without the user realizing.

The systems affected are Microsoft Windows XP Service Pack 1 and Microsoft Windows Server 2003 (also the version for Itanium systems). More information and the updates that fix the error are available at http://www.microsoft.com/technet/security/Bulletin/ms06-011.mspx.

The second update, reported in bulletin MS06-012, corrects a similar error, as it could also allow an attacker to gain control of the system if users log on as the system administrator.

According to the second bulletin, the systems affected are Office 2000 SP 3, Office XP SP 3, Office 2003 SP 1 or 2 and Microsoft Works Suites, versions 2000 to 2006. Office for Mac (versions X and 2004) is also affected.

PandaLabs has stressed the severity of these security problems and reminds users to install the updates as soon as possible. This is particularly important in this case because, by allowing programs to be installed, these vulnerabilities are the perfect scenario for falling victim to new malware dedicated to cyber-crime.
