Bird flu a decoy for viruses informs Panda Software

PandaLabs has detected the appearance of a Trojan, Naiva.A, that passes itself off as a Word document containing information about the bird flu epidemic in order to infect computers and drop a second malicious code, Ranky.FY, on computers

PandaLabs has recorded the appearance of a new threat called Naiva.A. This malicious code is a Trojan that reaches computers in a Word document containing information about the bird flu epidemic. The first line of this document is ìOutbreak in North Americaî or ìWhat is avian influenza (bird flu)?î Both refer to the disease currently threatening a large number of countries worldwide.

This Trojan uses two Word macros to run and install a second threat on the computer. The first macro calls five kernel functions, which allow the Trojan to modify create and delete files. The second macro installs Ranky.FY on the computer, which is embedded in the document and allows a potential attacker to gain remote control of the affected computer.

In order to protect against this threat, users should ensure that the macro security level is set at medium to receive a warning when they are run or high to stop them from running. If the macro security level is not set at one of these levels, the Trojan will be installed on the computer when the user opens the Word document.

ìUnfortunately, we were expecting something like this. This is not the first time, and wonít be the last, that writers of malicious code have taken advantage of peopleís misfortune and anxieties to spread their Trojans, worms, etc.,î explains Luis Corrons, director of PandaLabs. ìFortunately, in the case of this threat, it does not seem to be extremely dangerous, due to the means of infection it uses. However, we must not underestimate it, given the success rate of social engineering techniques to spread malware.î