Panda Security
VIRUS ALERT
October 26, 2004
MEDIUM

Panda Software Reports on Spyware/Spydeleter, malware that tries to blackmail users online

Panda Software's antivirus solutions effectively detect and neutralize the actions of this malicious application, whose author is now in the hands of the law

Glendale, CA - October 26, 2004 - During the last few days, media outlets including USA TODAY have reported on a civil lawsuit filed in the United States against Stanford Wallace, also known as the Spam King. The lawsuit orders him to disable a malicious application called Spyware/Spydeleter. Spyware/Spydeleter blackmails users into paying in order to remove the application from their computers.

Spyware/Spydeleter is a script that can download up to nine spyware programs to the computer. It also installs itself on users' computers when they visit corrupted web pages, either through links or Java scripts that do this automatically. Once it has reached the system, Spyware/Spydeleter downloads the spyware programs through FTP connections. Similarly, it creates several processes and leaves them memory resident. These processes have names like sd.exe or sd3.exe and ensure that the script is running at all times.

Finally, Spyware/Spydeleter creates several entries in the Windows Registry. The most visible symptom of these entries is that they change the home page of Microsoft Internet Explorer to another page warning the user that the computer could be infected by spyware. This page also includes a link where the user can supposedly find help to clean the computer. If the user clicks on this link, a page opens from which the application Spy Deleter is downloaded, which will remove the spyware from the computer for the "modest" price of 29 dollars. The situation is made worse by the fact that Spy Deleter has apparently been programmed by the same person that created and distributed the malicious script.

What's more, affected users may also find that two links called Click to Remove Spyware and Remove Spyware Now have been created on their desktop, both of which point to this purchase page.

According to Luis Corrons, head of PandaLabs, "it could be said that this is the start of a new era for malware, in as far as many of the authors of these kinds of programs are not just trying to prove that they can create damaging code better than the rest, but are trying to make a profit out of doing so. The number of fraud attempts through phishing is growing and many Trojans are circulating that try to steal confidential data, above all, bank account details. Now more than ever, it is vital to take precautions on the Internet, especially as they can hit where it most hurts: users' pockets."

However, while this lawsuit is being settled, computers could be affected by this malicious script. Panda Software recommends that users take precautions when they browse the Internet and keep their antivirus updated. Panda Software's antivirus solutions effectively detect and neutralize this malicious application, as well as other spyware programs that may be installed, restoring the changes to the system made by these applications.

The latest information from PandaLabs about Spyware/Spydeleter is available at these links:

English: http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=53599
Spanish: http://www.pandasoftware.es/virus_info/enciclopedia/verficha.aspx?idvirus=53599

For more information about these and other computer threats, visit Panda Software's Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/

In addition, users can scan their computers online for free with the Panda ActiveScan, available at http://www.pandachallenge.com.

ABOUT PANDALABS:
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and, depending on the type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users. For more information on fighting viruses and threats, please visit http://www.pandasoftware.com/virus_info/.

FOR MORE INFORMATION:
Alan Wallace
VP, Corporate Communications US
[email protected]
Tel. 818-543-6909

Original source: panda-us-virusalert-2004-10-26-spyware-spydeleter.doc