This week's PandaLabs report looks at the PcClient.HV Trojan, and the Autorun.ACA and P2PWorm.F worms.
Bck/PcClient.HV is a Trojan that opens a backdoor in the computer. This malware inserts an entry in Run and copies three files to the system: PCCORTR.DLL and 81.DLL in C:\WINDOWS, and WUAUCT.EXE in C:\WINDOWS\SYSTEM32. All of them are detected as Bck/PcClient.HV.
The Trojan uses the libraries (.DLL files) to reduce the security level of the browser and the WUAUCT.EXE file to connect to a remote address in order to send out information about the infected computer.
When the user runs the infected file, a 12-slide PowerPoint presentation is displayed with photos of the Olympic facilities in Beijing.
The Autorun.ACA worm reaches computers as an executable file that tries to pass itself off as a Word document. Depending on the system configuration, the actual extension of the 'document' might not be displayed.
This worm is designed to copy itself to %Root% under the name JONIEZZ.EXE and to %SystemRoot%\LoLOxz under the name SMSS.EXE. It also copies itself to external drives and shared drives with the name AUTORUN.INF. This way, the worm tries to infect any user who accesses these drives.
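The file artifacts listed above for Bck/PcClient.HV and Autorun.ACA can be checked on a mounted volume or disk image with a short triage script; this is an added example, not part of the PandaLabs report. It assumes %Root% means the volume root and %SystemRoot% is the WINDOWS directory, and the function names are illustrative.

```python
import os
import sys

# File names and locations as given in the report, relative to a volume root.
# Assumption: %Root% is the volume root and %SystemRoot% is WINDOWS.
ARTIFACTS = {
    "Bck/PcClient.HV": ["WINDOWS/PCCORTR.DLL", "WINDOWS/81.DLL",
                        "WINDOWS/SYSTEM32/WUAUCT.EXE"],
    "Autorun.ACA": ["JONIEZZ.EXE", "WINDOWS/LoLOxz/SMSS.EXE"],
}


def resolve(root, rel):
    """Resolve rel under root case-insensitively, as Windows would."""
    cur = root
    for part in rel.split("/"):
        try:
            names = os.listdir(cur)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        cur = os.path.join(cur, match)
    return cur if os.path.isfile(cur) else None


def is_pe(path):
    """True if the file starts with the 'MZ' executable header magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def scan_volume(root):
    """Return sorted (family, artifact) findings for a mounted volume."""
    hits = [(family, rel) for family, rels in ARTIFACTS.items()
            for rel in rels if resolve(root, rel)]
    # The report says the worm copies itself as AUTORUN.INF. A genuine
    # autorun file is plain text, so an executable header is the tell.
    inf = resolve(root, "AUTORUN.INF")
    if inf and is_pe(inf):
        hits.append(("Autorun.ACA", "AUTORUN.INF (PE header)"))
    return sorted(hits)


if __name__ == "__main__" and len(sys.argv) > 1:
    print(*scan_volume(sys.argv[1]), sep="\n")
```

A name match alone is only a lead for further analysis; the report does not publish hashes, so confirmation still needs an antivirus scan of the flagged files.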
W32/P2PWorm.F spreads through mapped and removable drives and P2P programs. To spread through file exchange networks it copies itself to directories of P2P programs, keygens, game cracks, security programs, or popular applications like instant messaging clients.
Also, it inserts entries in Run to run automatically when the computer starts up. This malware collects information from the infected computer, for example, passwords for programs like CUTE FTP, FlashFXP, TotalCmd, SmartFTP, FileZilla, Sniff, etc.