A spate of new Trojans emerged this week, along with a notable new variation of the Storm worm, says Brett Myroff, CEO of Netxactics.
"The new Storm variation is designed to compromise a user's PC and turn it into a zombie via an e-mail claiming to point to a YouTube video. Clicking on a link inside the e-mail sends surfers to a Web page containing a malicious script and the Trojan horse.
"Among other Trojans showing lower prevalence is Troj/Lineag-AY, essentially spyware that affects the Windows operating system. Its sole aim is to steal a user's information, with potentially disastrous consequences.
"Troj/Fakevir-AG, another Trojan for the Windows platform, includes functionality to access the Internet and communicate with a remote server via HTTP. When installed, it displays a fake virus alert.
"Troj/Zapchas-DR and Troj/Agent-GBX are also Windows-based. The latter installs itself in the registry, creating the file <System>\drivers\runtime.sys. The file runtime.sys is detected as Troj/NTRootK-BY.
"The file runtime.sys is registered as a new system driver service named 'runtime'. Registry entries are created under: HKLM\SYSTEM\CurrentControlSet\Services\runtime," explains Myroff.
"Of slightly higher prevalence is Troj/PWS-AOM, which also creates a registry entry. When the Trojan is installed, the following files are created: <Windows>\goods32.dll - detected as Troj/PWS-AOM, and <System>\goods.exe - copy of itself.
"Troj/PWS-AOM includes a number of side effects," cautions Myroff. "It drops more malware, downloads code from the Internet and installs itself in the registry.
"The Windows platform is still being heavily targeted by spammers as well as malware and spyware authors. That YouTube is being exploited should alert everyone to the dangers of Internet-based threats, and security should be a priority when using the Web and e-mail."