P2P Malware Latest Attacks – AIM worm, Spammer Trojan and Fake P2P Applications
A report from PandaLabs this week investigates the Oscarbot.UG worm, the Spammer.AJF Trojan and a suite of P2P applications through which the Lop adware is distributed. Oscarbot.UG is a resourceful worm with numerous dangerous features that spreads using AOL Instant Messenger (AIM). Its main ability: when run, it copies itself both to the system and to USB drives connected to it.
This is how the worm works: it connects to a Web page and uses IRC to send and collect information. To avoid detection, it stops running if it senses that it is being run in a virtual machine such as VMware, in a sandbox or in a honeypot, tools which are frequently used to check, in a controlled environment, whether an executable file runs malicious commands.
The purpose of the Spammer.AJF Trojan is to send spam from infected machines. The email it sends, written in Italian, reads: "Ci sono i problemi con la potenzialita? D'ora innanzi non ci saranno piu." (In English: "Are there problems with potency? From now on there will be no more.")
The Trojan is designed to make more copies of itself on the infected system. It also creates a series of Windows Registry entries that are quite harmful to Internet security; one in particular is designed to prevent Internet Explorer from issuing warnings about non-secure or suspect-looking Web pages.
PandaLabs also reports on two spoof P2P application installers through which the Lop adware gets installed on users' systems: BitRoll-5.0.0.0 and Torrent101-4.5.00.0.
