Panda Software has published its report that it prepares every week on the most significant viruses and intrusions. Based on the information compiled by PandaLabs, this week three Trojans with very different functions stand out: CXOver.A, Banker.CHG and Cryzip.A.

CXOver.A is a malicious code that spreads using ActiveSync connections
between computers with the .NET platform installed and mobile devices,
such as PDAs or cell phones. When it is run, it checks if the computer
is connected to a mobile device through ActiveSync and creates a copy of
itself on the device. Then, if the affected mobile device is connected
to another computer through Activesync, CXOver.A will sent a copy of
itself to that computer. CXOver.A deletes the files from the My
Documents folder on the mobile device.

The other malicious codes in today's report are other examples of the new dynamic used by malware writers. The first, Banker.CHG, is another member of the Banker family, specialized in theft of passwords for accessing online banking systems. This Trojan goes memory resident, checking the pages accessed by the user.

When the page viewed in the browser coincides with one of the URLs that
Banker.CHG has stored in its code, it redirects the user to another site
with the same appearance, but controlled by a hacker. Banker.CHG cannot
spread automatically using its own means and therefore, needs an
attacker to distribute it.

Finally, we have a clear example of hackers' interest in defrauding
users. PandaLabs has reported the appearance of Cryzip.A., a Trojan that
compresses files with a many different of extensions, including CGI,
DBX, DOC, DSW, JPG, MDB, PDF, TXT, XLS, etc. in a ZIP file and password
protects them. Users cannot open the files until they get the password
by following the instructions left by Cryzip.A in a text file. If this
Trojan has infected your computer, the password for decompressing the
files is C:\Program Files\Microsoft Visual Studio\VC98.

As well as these malicious codes, PandaLabs has warned users of two
vulnerabilities that have been corrected by Microsoft. The first, as
reported in Microsoft Security Bulletin MS06-011, corrects an error that
could allow an attacker to gain control of the affected system. An
attacker could therefore, install programs with serious consequences or
carry out any task without the user realizing.

The systems affected are Microsoft Windows XP Service Pack 1 and
Microsoft Windows Server 2003 (also the version for Itanium systems).
More information and the updates that fix the error are available at
http://www.microsoft.com/technet/security/Bulletin/ms06-011.mspx.

The second update, reported in the bulletin MS06-012, corrects a similar
error to the aforementioned error, as it could also allow an attacker to
gain control of the system, if users log on as the system administrator.

According to the second bulletin, the systems affected are Office 2000
SP 3, Office XP SP 3, Office 2003 SP 1 or 2 and Microsoft Works Suites,
versions 2000 to 2006. Office for Mac (versions X and 2004) is also
affected.

PandaLabs has stressed the severity of these security problems. It also
reminds users to install the updates as soon as possible. In this case,
it is particularly important, because by allowing programs to be
installed, these vulnerabilities are the perfect scenario for falling
victim to new malware dedicated to cyber-crime.

For further information about these and other computer threats, visit
Panda Software's Encyclopedia.
a