PandaLabs warns of the spread of the BlackAngel.B worm

PandaLabs, the laboratory of the security software company Panda Software, warns of the spread of the new B variant of the BlackAngel worm. PandaLabs has already received several incidents from users affected by this worm.

This worm spreads via Microsoft’s instant messaging program MSN Messenger. In order to spread through this tool, it sends messages to the all the contacts in the user’s contacts list, disguising itself as a video called “Fantasma’ (Ghost). If the recipient opens the file, an image appears on screen with a text in Spanish.

When the file is run, the BlackAngel.B code carries out several modifications to the system, which include closing different security applications (antivirus programs, firewalls, etc.) in order to avoid detection. What’s more, it tries to close a number of windows so that the user cannot use operating system configuration tools. These windows are:

– Windows Task Manager
– Control Panel
– Registry Editor
– System Configuration Utility
– System Restore

In order to spread to the contacts in MSN Messenger, it blocks a window in this application and prevents the user from accessing it. From this window it starts a conversation with the contacts, during which it sends messages like “jaja look a that” or “mira este video”, and a web address, from which the worm is downloaded to infect the computer.