Antivirus2008Pro adware and spammer trojan

This week’s PandaLabs report provides information about the Sinowal.VPB and Spammer.AIT Trojans and the Antivirus2008Pro adware.

Sinowal.VPB uses the Windows API to intercept network communications carried out by users. It is also designed to monitor users’ access to online banks and capture the data entered (credit card numbers, passwords, etc.). Additionally, Sinowal.VPB creates a copy of itself on the system.

The Antivirus2008Pro adware tries to pass itself off as an antivirus to fool users. To do so, once run it displays a screen informing users they are infected. Soon after, it starts to scan the system and reports fake infections:

In this case, hackers are after the money obtained by selling a pay-version of a false antivirus:

The Spammer_AIT Trojan is designed to steal all email addresses stored on the system and save them to a file. Then, it opens a port on the computer and adds itself to the list of authorized applications in the Windows Firewall so that cyber-crooks can access the stolen data.