SOURCE: Panda Security

October 09, 2007 14:47 ET

Malware: Data From the Infected or Not Website Reveals That 33% of 'Protected' Users Are Infected

Panda Security's Weekly Report on Viruses and Intruders

GLENDALE, CA--(Marketwire - October 9, 2007) - According to data gathered at the Infected or Not website through the NanoScan and TotalScan online solutions, 33.23 percent of users with a security solution installed were infected. As for unprotected users, 46.16 percent were infected.

Among computers scanned by TotalScan, the Gator adware was this week's top malware, followed by the Altnet PUP (potentially unwanted program) and the SaveNow adware.

All three are malicious codes designed to put users' privacy at risk, for example, by monitoring their activity online.

                            Top 10 TotalScan
                    Position                 Name

                      1                Adware/Gator
                      2                Application/Altnet
                      3                Adware/SaveNow
                      4                Adware/Cydoor
                      5                Adware/Exact.BargainBuddy
                      6                Spyware/MarketScore
                      7                Adware/Lop
                      8                Exploit/iFrame
                      9                Adware/nCase
                      10               Adware/Aureate-Radiate

As for this week's malicious codes, PandaLabs highlights the Nabload.CHW and Maran.DJ Trojans and the Ganensar.A and Mimbot.A worms.

Nabload.CHW spreads through emails that claim to come from Gmail's support service. The email text, in Portuguese, tries to trick users into downloading a new antivirus tool, claiming that otherwise they will be unable to use their email account. When users click on the download link, they copy the Trojan onto their computer.

Nabload.CHW is designed to download a banker Trojan onto infected computers, which then sends an email to its creator indicating the name of the compromised computer. It also monitors users while they use the Internet to steal their banking passwords when logging onto specific online banks, and emails the data to the creator.

The Maran.DJ Trojan adds several passwords to the Windows registry. This way, it runs on every system startup and changes the LSP layers (Layered Service Provider, a system controller related to network services) to monitor Internet data traffic.

Thanks to the changes made, it steals user and system information by reading passwords, user names and other confidential information that victims type on websites and documents.

The Ganensar.A worm reaches computers with a Windows Media file icon. It creates several copies of itself on the system and downloads several malicious files.

This worm makes several modifications to the Windows registry so that it runs every time a session is started. It also creates other entries aimed at, among other things, disabling the Task Manager and the Registry Editor, and inserts an image and text in the System Properties window stating that the computer has been infected.

It also blocks programs with specific window names and disables Windows File Protection, replacing several files with copies of Notepad while keeping their original names. This way, when one of those files is run, Notepad opens.

Finally, when the 'intro' button is pressed, a window is displayed showing a message from the worm's creator.

Mimbot.A is designed to close MSN Messenger windows while it sends messages asking contacts to accept an infected file containing a copy of the worm.

It uses several sentences in different languages to create the messages, for example: "Debo utilizar este cuadro en msn?"; "Was denken Sie an diese?"; "que pensez-vous" or "check it out, i shaved my head :|".

Quotes from PandaLabs

"This does not mean that traditional security tools are useless, it means that they need to be complemented by other types of online solutions such as NanoScan or TotalScan which have access to a larger database and can therefore detect more malware," explains Luis Corrons, Technical Director of PandaLabs.

Company Info: About Panda Security

Panda Security is one of the world's leading IT security providers, with millions of clients across more than 200 countries and products available in 23 languages.

Its mission is to develop and provide global solutions to keep clients' IT resources free from the damage inflicted by viruses and other computer threats, at the lowest possible total cost of ownership.

Panda Security proposes a new security model, designed to offer a robust solution to the latest cyber-crime techniques. This is manifest in the performance of the company's technology and products, with detection ratios well above average market standards and most importantly, providing greater security for its clients.

For more information and evaluation versions of all Panda Security solutions, visit our website at:

Relevant Links

-- For more information about these and other computer threats, visit Panda Security's Encyclopedia.

-- If you think your computer might have been infected by other malicious codes, you can scan it free at

Contact Information

  • For more information:
    Iria Gala Barxa
    Email Contact
    Tel. +34 91 806 37 00
    Cell phone: 607 572 155