New Wave of Spam Contains Alanchum Trojan

PandaLabs has detected a new wave of spam containing the Alanchum.VL Trojan. This is a new variant from this family of malicious code generally designed to download all types of malware onto infected computers. In this case, Alanchum.VL has accounted for as much as 62 percent of malware detections reported per hour.

The real danger of Alanchum.VL lies in the fact that it downloads other malware. This variant in particular downloads the Cimuz.BE Trojan. This, in turn, monitors users' visits to certain Web sites in order steal data entered in these pages.

"What is certain is that, Alanchum.VLcould be altered at any time to download other malicious code. This kind of versatility is what makes downloader Trojans the weapon of choice of today's cyber-crooks. In fact, they accounted for 42 percent of all new Trojans in 2007," says Luis Corrons, technical director of PandaLabs.

Alanchum.VL appears on computers with a Word file icon. It downloads other files in addition to Cimuz.BE and alters the Windows registry to ensure it is run on every system startup.

The spam messages containing Alanchum.VL have subjects designed to entice users into opening the attachment. "These social engineering techniques are widely used to spread Trojans. This is because this malware cannot spread by itself, and needs to trick users," explains Corrons.