A newly discovered variant of the Mitglieder family of Trojans, Mitglieder.GB, is spreading rapidly across Europe, antivirus experts warned today.
PandaLabs said the Trojan has recently overtaken Sober.AH to become the most frequently detected virus, with the greatest detection rate occuring in Europe, mainly in Poland, Belgium and France.
The security firm said that Mitglieder.GB cannot spread by itself and therefore, must be distributed manually. The samples received come from email messages with a variable subject and message body. However, all these messages contain an attachment in zip format that contains a copy of the Trojan.
“We believe that the creators are making a huge effort to distribute it," said Luis Corrons, director of PandaLabs.
"This month we have seen various attacks of this type, which trust more in overflow techniques than sophisticated techniques to saturate the internet with malware. This, in some way, ‘poisons' the internet, as few emails in circulation are free from malware."
PandaLabs said that when the Trojan is run, it opens the predefined image viewer in Windows and shows an image of an operating system logo with a white background that is slightly blurred. Once it has been installed, it inserts keys in the Registry to ensure it is run whenever the computer is started up and randomly tries to connect to a series of 50 URLs, which are detailed in its code, in order to access the file z.php, which can be used to download other malware to the system.
"We are experiencing a period of frenetic activity for certain malware families, such as Bagle, Mitglieder or Sober, with a large number of variants distributed over a short space of time," said Corrons.
"The main aim of these types of strategies is to release a large number of variants so that the number of infected email messages in circulation is extremely high, posing a risk in itself, due to the confusion it causes users."
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff