Virus Alert: PasswordStealer.BM steals users’ confidential information
Another worm reported by PandaLabs is the PasswordStealer.BM that is designed to steal users’ confidential information, i.e. passwords stored on Internet Explorer. It also steals information regarding the affected computer (version of the operating system, user name and IP address). Then, it sends the gathered information to its creator via IRC.
There are several tell-tale signs to look for the presence of this worm. When run, it displays an image of a young person smoking a cigarette (image here: http://www.flickr.com/photos/panda_security/3575542298/ ). It also
modifies the homepage of Internet Explorer (image here: http://www.flickr.com/photos/panda_security/3575542334/ )
PasswordStealer.BM uses several techniques to make it more difficult to delete:
- It hides files and folders.
- It conceals file extensions.
- It conceals operating system files.
Additionally, PasswordStealer.BM tries to spread through IRC channels. To do so, it sends random messages with a file called MYPIC.ZIP which contains a compressed copy of itself, to all the users connected to the channel the affected user connects to.
Again, we strongly recommend to make sure that you have an Anti-Virus program protecting your computer and especially make sure that it is up to date. Then get your computer scanned immediately!
If you believe that you may be infected by this or another kind of malware then you can visit our website at www.cpuhelp.net and click the Ambulance on the upper left column for a Free virusscan.