WoW password stealing worm and YouTube video playing trojan

The list of the most active malware this week is headed by two variants of the Bagle worm. The Comet adware, which shows ads to users through banners, pop-ups, etc., comes in third place.

Regarding new strains of malware that have appeared this week, the PandaLabs report focuses on the Nabload.CXU Trojan and the Wow.SI, Lineage.HIT and Chike.B worms.

The Nabload.CXU Trojan spreads in emails with the subject “A Pessoa com o Maior Rabo do Mundo” that contain text in Portuguese and a link to a video. However, a user who clicks the link actually downloads a copy of the Trojan onto their computer. The Trojan then plays a YouTube video to conceal its actions.

Also, this malicious code downloads two banker Trojans onto the computer to steal login data for accessing various banking entities’ services.

Lineage.HIT is a worm with Trojan features. It is designed to steal sensitive information from the system as well as user names and passwords for the following online games:

* Lineage Lands of Aden
* Maple Story
* Legend of Mir
* World of Warcraft

Once run, WoW.SI copies itself to the root directory of all the system drives. Consequently, it can copy itself to removable devices (external hard disks, USB memory sticks, etc.) and run when one of them is connected to another computer.

The worm drops a rootkit on the system to hide its actions and make detection more difficult. It also connects to an HTTP address from which it downloads a malicious file and a copy of itself.

Chike.B is a worm that spreads by copying itself to removable drives and shared folders on the network. This malicious code changes the Windows Explorer settings, disables the system restore feature and disables the Windows Registry.
