Closer look at Gagar CC and Mitglieder.LX trojans and the RaHack.BB worm

Gagar CC is a Trojan that connects to a certain IP address and downloads another Trojan called Alanchum.MU. The latter, in turn, downloads the following malware onto the infected computer:

* Duel.A: This worm uses specific techniques in its code in order to hide while it is active.
* Nuwar.B: This Trojan spreads via email and downloads another Trojan, Gagar.CB, onto the infected computer.
* Spammer.ER: This is a Trojan that provides the email addresses to which to send Nuwar.B.

The second Trojan we are looking at this week is Mitglieder.LX. This malicious code downloads a file from several web pages and runs it on the computer. The downloaded file is a variant of the Bagle worm. It passes itself off as a crack (a tool for removing protection from original software) for a certain program.

RaHack.BB is a worm with no destructive effects. Its main purpose, as with all worms, is to spread to other computers. It can infiltrate computers which have the Radmin remote-administration application by exploiting weak passwords. Similarly, if the compromised computer is part of a network, RaHack.BB will try to access shared resources on the network and copy itself to them.


