Malware week in review: user data stealing trojan and a couple of worms

This week’s PandaLabs report looks at Nukulus.A, a Trojan designed to steal users’ data, and the Winko.A and Addon.A worms.

Nukulus.A is a dangerous Trojan capable of stealing all types of confidential information: banking data, information entered in Web forms, local certificates, etc.

It can also redirect certain Web addresses to malicious web pages designed to perform online fraud. This way, the Trojan tries to obtain users’ confidential data.

The Trojan is also designed to download updates of itself from the Internet, as well as other malicious files. Plus, it creates several Windows registry entries, one of which makes sure it is run on every restart.

Winko.A is a worm designed to download other malicious code onto the affected computer, including dangerous password-stealing Trojans like QQRob and Lineage. It also downloads adware, like Alexa, onto infected computers.

The worm creates several copies of itself on the system and tries to spread by copying itself to all available drives (hard disks, USB, etc.).

Addon.A is a worm that spreads in a file called When run, it installs another malicious file and a vulnerable version of the ntoskrnl.exe file, which replaces the one on the system. This vulnerability could be exploited by an attacker to take control of the infected computer with administrator rights. Addon.A runs whenever the computer is restarted.
