Malware scope: BukFeed.A trojan and Spamta.QH, Radoppan.I.drp and Nuwar.B worms

BukFeed.A is a low-threat Trojan with backdoor features that opens UDP port 1044 to enable remote access to the target computer. Also, it connects to a website to download updates of itself. BukFeed.A cannot spread through it own means, but requires an attacker to carry out an action in order to spread.

Spamta.QH.worm sends out the Trojan detected as SpamtaLoad.CO in an email message with variable characteristics. It creates several files in the Windows directory: one of the files, which has the typical icon of text files, contains a copy of the worm, whereas another file includes the addresses to which the Trojan is sent out.

The second worm is Radoppan.I.drp, which copies itself to mapped drives and inserts a file called autorun.inf to make sure it is run every time the infected drive is accessed. Also, Radoppan.I.drp, infects files with the HTML, ASP and PHP extensions in order to download the Rizalof.RG Trojan any time any of these files is run.

The last worm to have appeared this week is Nuwar.B. This worm reaches computers in a message with the subject Happy New Year! and an attached file with the name postcard.exe, which contains the worm itself. If the target user runs the attachment, Nuwar.B copies itself to the system. However, instead of massively sending itself out, it downloads a copy of the Spamtaload Trojan to the computer. This Trojan then connects to certain email servers in order to send out spam, which, oddly enough, contains publicity trying to convince users to buy certain stocks to increase their price rapidly.

Don't miss