Weekly malware report: keylogger, autorun worm and exchanger trojan

This week’s PandaLabs report looks at the Autorun.ADF worm, and the KeyLogger.E and Exchanger.AH Trojans.

Autorun.ADF reaches computers in an attachment called “MY COMPLETED DOWNLDFX.EXE”. When run, a photo is displayed explaining how to obtain a visa to enter the U.S.

However, on displaying the image, the worm runs on the system and tries to steal the passwords of folders with specific features.

Once the information is obtained, the malicious code connects to a server to send it to its creator. Autorun.ADF also copies itself to all the computer’s drives.

The KeyLogger.E Trojan is designed to capture keystrokes and mouse movements when users access specific web pages, obtaining passwords and the confidential data entered on the pages. In addition, it creates a file on the system that stores the stolen information to send to its creator through a connection to an FTP server.

The aim of the Exchanger.AH Trojan however, is to download other malware samples to the system, e.g. the RogueAntimalware2008 adware.

This malicious code is distributed through spam mails with the subject: “Britney Spears and Lindsay Lohan comment on Paris Hilton’s Childish Behavior”. The message body contains a photo of Paris Hilton and what looks like a link to a video. If users click the link, they will actually be downloading a copy of the Exchanger.AH Trojan onto their computers.