Two New Worms Work Together To Spread Across The Internet

-Gaobot.IUF and Prex.AM install on computers simultaneously, and try to spread using the MSN Messenger instant messaging system

-Gaobot.IUF could allow an attacker to gain control of affected computers remotely

-TruPrevent™ Technologies have blocked these two worms without the need for updates, so users that have them installed have been protected at all times

CAMBRIDGE, 6th July 2005 - PandaLabs has reported the appearance of two new worms, Gaobot.IUF and Prex.AM, with a previously unseen feature: they spread together in a single file with RAR format (even though this is a self-extracting file and users actually see a file with an .EXE extension). This file could initially have been sent manually to a certain number of users, as these malicious codes true means of propagation is through the MSN Messenger instant messaging system.

When the user runs the infected file, it decompresses automatically, generating two files that contain the worms. From then on, the malicious codes "share" the actions they carry out. Gaobot.IUF creates a backdoor in the affected computer and connects to an IRC server, waiting to receive commands from a remote attacker. The attacker can perform numerous actions on targeted computers, including obtaining information about computer hardware, stealing registration codes for some computer games, or upgrading the worm itself. Gaobot.IUF can also spread across shared network resources protected with weak passwords.

Prex.AM sends out messages through MSN Messenger with the text: "hmm like my friend said dont look ahaha, SICK pictures", and a link to an Internet address. If the user clicks on the link, a RAR file containing both malicious codes downloads onto the computer.

Users of Panda Software's proactive TruPrevent™ Technologies have been protected against these two worms from the outset, since they have been able to detect and block them without having prior knowledge of them, unlike other antimalware solutions that cannot protect users until their virus signature files have been updated.

"The way these two worms spread is rather atypical and, although rudimentary, it succeeds in increasing the ways in which these two malware specimens propagate. Creators of computer threats are trying hard to find new ways of distribution more effective than the current ones. So far this year they seem to be focusing on instant messaging systems", explains Luis Corrons, head of PandaLabs.

To prevent Gaobot.IUF and Prex.AM or any other malicious code from entering computers, Panda Software advises users to take precautions and to update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.

Panda Software's clients can already access the updates for installing the new TruPrevent™ Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent™ Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection.

In order to help as many users as possible scan and disinfect their computers, Panda Software offers Panda ActiveScan, free of charge. ActiveScan is also available to webmasters that want to include it on their websites. Those who would like to include it on their sites can request the HTML code.

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website and complete the corresponding form.

For further information about these and other malicious code, visit http://www.pandasoftware.com/virus_info/encyclopedia






Company Profiles powered by ITReseller.com