Wave of spam infected with the Alanchum.VL trojan

PandaLabs has detected a new wave of spam containing the Alanchum.VL Trojan. This is a new variant from this family of malicious code generally designed to download all types of malware onto infected computers. In this case, Alanchum.VL has accounted for  as much as 62 percent of malware detections reported to PandaLabs per hour.

The real danger of Alanchum.VL lies in the fact that it downloads other malware. This variant in particular downloads the Cimuz.BE Trojan. This, in turn, monitors users’ visits to certain websites in order steal data entered in these pages.

Alanchum.VL appears on computers with a Word file icon. It downloads other files in addition to Cimuz.BE and alters the Windows registry to ensure it is run on every system startup.

The spam messages containing Alanchum.VL have subjects designed to entice users into opening the attachment. “These social engineering techniques are widely used to spread Trojans. This is because this malware cannot spread by itself, and needs to trick users”, explains Corrons.