PandaLabs, the laboratory of the security software company Panda Software, warns of the spread of the new B variant of the BlackAngel worm. PandaLabs has already received several incidents from users affected by this worm.
This worm spreads via Microsoftís instant messaging program MSN Messenger. In order to spread through this tool, it sends messages to all the contacts in the userís contacts list, disguising itself as a video called ëFantasmaí (Ghost). If the recipient opens the file, an image appears on screen with a text in Spanish ìEn el 1er da te espantas, en el 2 te desesperas, en el 3 buscas ayuda y en el 4 mueresî (on the 1st day you get scared, on the 2nd you get desperate, on the 3rd you look for help and on the 4th you die).
When the file is run, the BlackAngel.B code carries out several modifications to the system, which include closing different security applications (antivirus programs, firewalls, etc.) in order to avoid detection. Whatís more, it tries to close a number of windows so that the user cannot use operating system configuration tools. These windows are:
- Windows Task Manager
- Control Panel
- Registry Editor
- System Configuration Utility
- System Restore
In order to spread to the contacts in MSN Messenger, it blocks a window in this application and prevents the user from accessing it. From this window it starts a conversation with the contacts, during which it sends messages like ìjaja look at thatî or ìmira este videoî, and a web address, from which the worm is downloaded to infect the computer.
PandaLabs warns of the spread of the BlackAngel.B worm
This worm spreads via Microsoft MSN Messenger and has already caused several incidents
