MSN worm with downloader functionality

The most important malware samples analyzed by PandaLabs this week are the MSNHorn.A and Nugache.M worms, and the Legmir.ASG Trojan. MSNHorn.A spreads through MSN Messenger by sending a message with an attached file to the infected user’s contacts. When the file is opened, the recipient is infected and the process begins again.

The messages are sent in different languages (English, French, German, Spanish-¦). Some examples include: “hihi look at my horny pictures :$” or “oh my god look at this picture 😮 wowwww”. Cyber-crooks use these messages to tempt users into opening the attached files and infecting their systems. “Photo’ and “secretimages’ are just a couple of the names of the files.

MSNHorn.A’s downloader functions allow it to download numerous malware samples onto computers, including the Inject.K and Torpig.DX Trojans, designed to steal confidential information.

Nugache.M is a worm that spreads in email messages with variable subjects such as; “hey!’, “OK’ and “here’. With names including, “self nude.scr’ and “my pic.sc’, the attached file contains a copy of the worm, which when opened, infects users.

This malicious code can also spread by instant messaging and IRC.

The Nugache.M worm starts carrying out malicious actions when it infects computers. It can capture keystrokes and store user credentials. It also connects to an IRC server and awaits its creator’s instructions which include; denial of service attacks, using the infected computer as a Web server or connecting to an FTP server.

Legmir.ASG is a Trojan that can reach computers in emails or in files downloaded from the Internet. This malicious code is designed to disable certain antiviruses, allowing it to carry out malicious actions more efficiently. Actions include, creating new entries for the Windows registry and creating a file that allows it to delete itself.