Malware of the week: AIM worm, spammer trojan and fake p2p apps
This week’s PandaLabs report looks at the Oscarbot.UG worm, the Spammer.AJF Trojan and a series of P2P applications used to distribute the adware Lop. Oscarbot.UG is a worm with backdoor features, which spreads using AOL Instant Messenger (AIM). When run, it copies itself to the system as well as to USB drives connected to it.
The worm connects to a Web page and uses IRC to send and receive information. To prevent detection, it stops running if it finds that it is being executed in a virtual machine such as VMware, in a sandbox or in a honeypot (tools often used to check, in a controlled environment, whether an executable file runs malicious commands).
The Spammer.AJF Trojan is designed to send spam from infected computers. The email that it sends is written in Italian and has the following subject: Ci sono i problemi con la potenzialita? D’ora innanzi non ci saranno piu.
The Trojan creates several copies of itself on the infected system. It also creates a series of Windows Registry entries affecting Internet security, including one which prevents Internet Explorer from warning about non-secure or dubious Web pages.
PandaLabs has also detected two spoof P2P application installers, BitRoll-5.0.0.0 and Torrent101-4.5.00.0, which are being used to install the Lop adware on users’ systems.