Roundup: 2005's 'curious malicious code'

What do you do if you're an antivirus vendor in need of ranking the year's biggest threats when there weren't any major malware outbreaks? If you're Glendale, Calif.-based Panda Software Inc., you go after the goofy stuff.

Yesterday Panda released an unusual virus roundup, focusing on "some of the more curious malicious code" that somehow managed to seep into some networks and systems -- sometimes despite themselves. Most remain active but low-rated threats.

Downloader-AEE rang in the new year as the first malicious code Panda detected Jan. 1. The Windows-centric Trojan allows hackers to get into and capture screenshots and steal personal data, among other things.

Assiral-A carried so much similarity to 2000's LoveLetter that Panda named it "most ingenious" for its lack of originality and noted that "it looks like the classics will always make a comeback."

The "newsworthy" Crowt-A worm didn't make headlines. Not in the conventional sense, anyway. This malcode showed up in e-mail messages bearing actual CNN headlines, which made researchers wonder if the authors' aim was to educate users on world events or merely take revenge on reporters most likely to fall for the bait. We won't know because this piece of malware went nowhere.

Panda rated Elitper-D as "hands down" the most annoying worm, given it could disrupt as many as 90 applications, including halting popular enterprise tools like Microsoft Word and Excel and WinZip.

If Elitper didn't meet its goal, one variant of the Sober worm sure did. Sober-V took advantage of World Cup fandom to trick users by offering free tickets to the finals in Germany. Chalk one up for the sports-minded social engineers.

In August, Downloader-EJD claimed to be a warning from Microsoft about a wave of Zotob and IRCBot worms on the rampage. The gullible thought they were installing a patch to prevent further infestations. Instead, they allowed the Trojan to modify their security software settings by sending Windows messages to disable antivirus programs, firewalls or even Windows XP's Security Center.

There also were Trojans like Zar-A and Downloader-ENC that posed as donation sites for victims of the Indian Ocean tsunami and Hurricane Katrina. In addition to causing widespread confusion for those wishing to contribute to legitimate relief efforts, some believe this type of social engineering signaled a new low for the virus underground.

Talk about "organized crime." Rona-A not only stole data but duly recorded for its creators the version and date of its own installation, any Internet connection details and specifics on when any malicious action took place.

When it comes to data-stealing spyware, the Bancos-NL Trojan set itself apart not by pilfering users' financial information when they visited banking Web sites, but by monitoring up to 3,000 addresses at once. Most similar keyloggers simultaneously monitor a few hundred Web addresses at most, Panda said in a prepared statement.

Some others worth mentioning include the Valentine-related Cassanova.Mydoom worm launched in February; the Format-A Trojan that disables the hardware in Sony PlayStation Portable consoles and Tahen-A, which did similar mischief to Nintendo DS players; the ComWar-A worm that was among the first to send itself in cell phone MMS messages; and the Banker Trojans, designed to carry out online fraud but full of so many programming and language errors that few fell for their tricks.