VIRUS ALERT
August 18, 2003
HIGH

Panda Virus Alert - Sobig.F

Panda Software reports the appearance of Doomjuice.A computer virus

Glendale, CA, February 9, 2004 - While the infections caused by Mydoom.A are just starting to cool off, a new worm has appeared that exploits the damage caused by this worm: Doomjuice.A. Evidence suggests that the Mydoom attack is not going to end on February 12, the date on which it seemed that the worm would stop spreading. It is supposed that the same author has launched this new malicious code, which cannot even be detected in e-mail, as it exploits the ports opened by Mydoom.A and Mydoom.B. This new virus behaves in a similar way to SQLSlammer, i.e., it is a network worm that exploits an open port in the same way as SQLSlammer exploited a server vulnerability. Panda Software has already issued a fix, which is available on the Panda Software website.

• Virus seems to have been created by the same author as Mydoom
• Virus is designed to spread like a network worm, which makes it extremely dangerous, as it cannot be detected or viewed by the user via e-mail, like other viruses.

The actions carried out by Doomjuice.A on the computers it infects include the following:

- In order to ensure that it is run, it creates the following entry in the Windows Registry:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  "Gremlin" intrenat.exe
- It generates a copy of itself in %system% called intrenat.exe (36,864 bytes).
- It creates a file called sync-src-1.00.tbz (28,569) in %Windows%, in %Temp%, in %System% and in the C: drive. This file is compressed and contains the source code of Mydoom.A.
- It launches a Denial of Service (DoS) attack against www.microsoft.com.

Evidence suggests that Doomjuice.A was created by the same author as Mydoom.A. Panda Software’s experts are currently studying this malicious code. As PandaLabs gathers more information, it will be published on the company’s website (http://www.pandasoftware.com/).
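
The host artifacts listed above can be turned into a quick triage check. The following Python sketch is an added example, not Panda Software's code or removal tool: it looks for the "Gremlin" Run value and the two files named in the alert. The function names, the use of System32 for %system%, and the reading of 28,569 as bytes are assumptions.

```python
import os
import sys
from pathlib import Path

# Indicators as given in the alert text above.
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "Gremlin"
WORM_COPY = ("intrenat.exe", 36864)
# The alert gives 28,569 without a unit; bytes are assumed here.
SOURCE_ARCHIVE = ("sync-src-1.00.tbz", 28569)

def check_run_values(run_values):
    """Flag Run-key values whose name or data matches the alert."""
    hits = []
    for name, data in run_values.items():
        if name.lower() == RUN_VALUE.lower() or WORM_COPY[0] in str(data).lower():
            hits.append(f"Run value {name!r} -> {data!r}")
    return hits

def check_dirs(system_dir, other_dirs):
    """Look for the worm copy in %system% and the archive in every directory."""
    targets = [(system_dir, WORM_COPY), (system_dir, SOURCE_ARCHIVE)]
    targets += [(d, SOURCE_ARCHIVE) for d in other_dirs]
    hits = []
    for directory, (fname, size) in targets:
        path = Path(directory) / fname
        if path.is_file():
            actual = path.stat().st_size
            note = "size matches" if actual == size else f"size {actual}, alert says {size}"
            hits.append(f"{path} ({note})")
    return hits

def read_hklm_run():
    """Windows only: return the live HKLM Run values as a dict."""
    import winreg
    values, i = {}, 0
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, i)
            except OSError:
                break  # no more values under the key
            values[name], i = data, i + 1
    return values

if __name__ == "__main__":
    if sys.platform == "win32":
        windir = os.environ["SystemRoot"]  # System32 assumed for %system%
        found = check_run_values(read_hklm_run())
        found += check_dirs(Path(windir) / "System32", [windir, os.environ["TEMP"], "C:\\"])
    else:  # constructed sample values, for running off-Windows
        found = check_run_values({"Gremlin": "intrenat.exe", "Updater": "upd.exe"})
    print("\n".join(found) or "No artifacts from the alert were found.")
```

A size mismatch is reported rather than ignored, since a file with one of these names but a different size still deserves a closer look.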

Due to the appearance of Doomjuice.A, Panda Software advises users to take extra precautions, and to update their antivirus solutions immediately. The company has already made the updates to its products available to its clients to ensure their solutions can detect and eliminate Doomjuice.A. Those whose software is not configured to update automatically should update their solutions from http://www.pandasoftware.com/. Users can also detect this and other malicious code using the free, online antivirus, Panda ActiveScan, which is available on the company’s website at http://www.pandasoftware.com.

More information about Doomjuice.A, Mydoom.A.worm, Mydoom.B.worm and other malicious code is available from Panda Software’s Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/.

ABOUT PANDA SOFTWARE

Panda Software (http://www.pandasoftware.com) is the first company to allow truly automatic daily signature updates, as well as centralized administration of antivirus protection, both of which have revolutionized the antivirus industry. On receiving a possibly infected file, Panda Software's technical staff immediately analyzes it to determine the threat potential. Depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.

Panda Software maintains the free antivirus utility “ActiveScan” for computer users and administrators to always have access to the very best free scan and repair technology. Any computer user wishing to check their computer for this or other computer viruses should check their computer at http://www.pandasoftware.com/activescan.

Panda Software is known for its user-friendly policies, including free telephone support for corporate customers, expanded competitive renewal programs and free disinfection services.
All of its products feature exclusive SmartClean™ technology and are endorsed by major industry watchdogs including ICSA Labs and Checkmark.

# # #

Members of the media who would like copies of our Antivirus software for evaluation, on air giveaway or personal use should also feel free to contact Alan Wallace either by phone or email (contact information below).

FOR MORE INFORMATION:
Alan Wallace
Panda Software
VP, Corporate Communications US
www.pandasecurity.com

Original source: panda-us-virusalert-2003-08-19-sobig.f-eng.doc