Panda: Mitglieder trojan overtakes Sober
27 November, 2005
PandaLabs has reported the appearance of a new variant of
the Mitglieder family of Trojans, Mitglieder.GB, which is
spreading rapidly, especially across Europe. It is currently
the most frequently detected threat by the online antivirus
solution Panda ActiveScan.
This family of Trojans caused a large
number of infections on users' computers at the beginning
of November, causing the alert level to reach orange. Like
all Trojans, Mitglieder.GB cannot spread by itself and therefore
must be distributed manually. The samples received come from
email messages with a variable subject and message body. However,
all these messages contain an attachment in zip format that
contains a copy of the Trojan.
It is easy to tell whether this Trojan has affected a computer,
as its symptoms are clearly visible. When it is run, it opens
the default image viewer in Windows and shows an image
of an operating system logo with a white background that is
slightly blurred. Once it has been installed, it inserts keys
in the Registry to ensure it is run whenever the computer
is started up, and tries to connect at random to a series of
50 URLs, which are listed in its code, in order to access
the file z.php, which can be used to download other malware
to the system or may itself be malware.
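As an added illustration (not code from PandaLabs or the original article), the sketch below flags clients in a web-proxy log that request z.php from several different hosts within a short window, the network pattern described above. The log format, the example hostnames, and the threshold and window values are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines (timestamp, client, method, URL, status); not real data.
SAMPLE_LOG = """\
2005-11-27T09:00:01 10.0.0.5 GET http://site-a.example/z.php 404
2005-11-27T09:00:04 10.0.0.5 GET http://site-b.example/z.php 404
2005-11-27T09:00:09 10.0.0.5 GET http://site-c.example/img/z.php 200
2005-11-27T09:00:10 10.0.0.7 GET http://intranet.example/z.php 200
2005-11-27T09:01:00 10.0.0.7 GET http://intranet.example/z.php 200
2005-11-27T09:02:00 10.0.0.9 GET http://site-a.example/index.php 200
2005-11-27T13:00:00 10.0.0.8 GET http://site-a.example/z.php 404
2005-11-27T15:00:00 10.0.0.8 GET http://site-b.example/Z.PHP 404
2005-11-27T17:00:00 10.0.0.8 GET http://site-c.example/z.php?x=1 404
malformed line
"""

def parse(line):
    """Return (time, client, host) for a request whose file name is z.php, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    url = urlsplit(parts[3])
    if not url.hostname or url.path.rsplit("/", 1)[-1].lower() != "z.php":
        return None
    return when, parts[1], url.hostname.lower()

def beaconing_clients(log_text, min_hosts=3, window=timedelta(minutes=10)):
    """Clients that asked >= min_hosts distinct hosts for z.php inside one window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            hits[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for client, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct hosts contacted within `window` of this starting request.
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[client] = sorted(hosts)
                break
    return flagged

if __name__ == "__main__":
    print(beaconing_clients(SAMPLE_LOG))
```

A client that repeatedly fetches z.php from a single host (10.0.0.7 in the sample) is not flagged; widening the window catches slower attempts such as those from 10.0.0.8.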
For more information, visit (http://www.pandasoftware.com/virus_info/encyclopedia/).
Reprinted by permission of Integrated
mar.com (integratedmar.com), EchannelLine © Copyright
2005 Integratedmar.com Corporation.