New MSN and P2P worms

According to data gathered at the Infected or Not website this week, 24.73% of protected computers and 36.58% of unprotected computers are infected by malware. Among the thousands of malicious codes that have appeared this week, PandaLabs’ report focuses on two worms: MSNWorm.BF and Cazdeg.A.

MSNWorm.BF spreads through instant messaging, by sending a message to all the infected user’s MSN Messenger contacts. If users open the file and run the content, they will be infected with a copy of the worm.

This malware is also designed to download the Agent.HBA Trojan onto the system, which steals data from the infected computer and sends it to the creator.

MSNWorm.BF creates a key in the registry to ensure it is run every time the system is started up. It also tries to connect to an HTTP address from which it can download more malware and receive malicious commands.

The Cazdeg.A worm spreads through P2P networks. To do so, it copies itself onto P2P program (eMule, Kazaa, Ares, etc.) folders using eye-catching names such as Pamela Anderson pictures.scr, Windows Vista Crack.scr and Youtube videos downloader.scr.

This worm loads two web pages onto the PC. Additionally, it modifies the Windows Registry so it runs every time a session is started.




Share this