A New and Dangerous Variant of Mitglieder Is Being Spread Massively (News Release)
Mitglieder.DC Is a Malicious Code Designed to Kill Processes Belonging to IT Security Programs, Leaving Computers Unprotected Against Other Possible Attacks
- Detections in ActiveScan Are Increasing Progressively, Because It Is Being Mass-Mailed
GLENDALE, Calif., June 1 /PRNewswire/ — According to PandaLabs, the new
and dangerous DC variant of the Mitglieder family of Trojans (also called
Bagle.BO or BagleDI-Q by other security companies) has been sent as spam to
thousands of users around the world. Mitglieder.DC blocks memory processes
belonging to a range of antivirus and IT security applications, leaving the
computer unprotected against other attacks. In the last few hours, detections
in ActiveScan have been increasing progressively because this malware is being
mass-mailed, which is a technique aimed at increasing the number of
detections.
As this malicious code cannot spread by itself, Mitglieder.DC reaches
computers in a series of highly variable email messages. For the same reason,
this malicious code can be distributed through numerous channels: storage
devices, Internet downloads, P2P networks, etc.
If a user runs the file that contains Mitglieder.DC, the Trojan, in addition
to blocking security applications that could be running, tries to connect to
numerous Internet addresses, from which it downloads and runs the osa.gif
file. This in turn contains Downloader.CYB, a Trojan designed to download all
types of malware onto the computers that it infects.
“Malware creators try to distribute their creations rapidly to prevent
users from having time to update their antivirus solutions. They’re trying to
exploit the ‘vulnerability window,’ i.e. the time that it takes between new
malware appearing and users installing the updates on their computers,”
explains Luis Corrons, director of PandaLabs. “New techniques are frequently
being used in order to spread malware as rapidly as possible. So for example,
as in this case, thousands of infected mails could be sent simultaneously as
spam, or numerous variations can be launched at the same time. Another
frequently used system is to exploit software vulnerabilities, as was the case
with Sasser, infecting millions of computers last year.”
To prevent infection from Mitglieder.DC, or any other malicious code,
Panda Software advises all users to keep their antivirus software up-to-date.
Panda Software has already made the corresponding updates to detect and
eliminate this new malicious code available to clients.
Panda Software’s clients can already access the updates for installing the
new TruPrevent(TM) Technologies along with their antivirus protection,
providing a preventive layer of protection against new malware. For users
with a different antivirus program installed, Panda TruPrevent(TM) Personal is
the perfect solution, as it is both compatible with and complements these
products, providing a second layer of preventive protection that acts while
the new virus is still being studied and the corresponding update is
incorporated into traditional antivirus programs, decreasing the risk of
infection.
