The number of infections caused
by the Mitglieder.GB Trojan continues to increase, and it now affects
computers around the globe. According to data collected by PandaLabs,
Belgium, Poland, Colombia and Portugal are the countries most affected by this
threat, as it is already the malicious code most frequently detected worldwide
by the online antivirus solution Panda ActiveScan (http://www.activescan.com).
To help stop the spread of the new variant of Mitglieder, Panda Software has
made its free PQRemove utility available to all users to effectively detect
and eliminate Mitglieder.GB from any computer that could be infected. This
utility can be downloaded from
Along with the distribution of the AH variant of the Sober worm, a large
number of infected email messages are being put into circulation worldwide,
which means that the current risk of infection is high. “Due to the nature of
this Trojan, which unlike Sober cannot spread using its own means, we believe
that the creators are making a huge effort to distribute it,” explains Luis
Corrons, director of PandaLabs. “This month we have seen various attacks of
this type, which trust more in overflow techniques than sophisticated
techniques to saturate the Internet with malware.
This, in some way,
poisons’ the Internet, as few emails in circulation are free from malware.”
It is easy know if this Trojan has affected a computer, as when it is run
it shows an image of an operating system logo with a white background in the
predefined image viewer in Windows. From then on, every four hours it will
activate a connection to one of the URLs detailed in its code at random in
order to access a z.php file, which could open the door to other malware or
contain malware itself.
This Trojan has been distributed in email messages with a variable subject
and message body. However, all these messages contain an attachment in zip
format that contains a copy of the Trojan. Therefore, users are advised to
take precautions when opening this type of attachment that does not come from
a reliable source.
The proactive protection technologies, TruPrevent, have detected and
blocked Mitglieder.GB without needing to be able to identify it first, and
therefore, without needing the updates. For this reason, computers with these
technologies installed have been protected from the moment this threat first
Panda Software clients that don’t yet have TruPrevent Technologies
have the updates available to install them along with their antivirus and
ensure they have prevented protection against unknown viruses and intruders.
For users with a different antivirus program installed, Panda TruPrevent
Personal is the perfect solution, as it is both compatible with and
complements these products, providing a second layer of preventive protection
that acts while the antivirus is updated, decreasing the risk of infection.
More information about TruPrevent Technologies at
To help as many users as possible scan and disinfect their systems, Panda
Software offers its free, online anti-malware solution, Panda ActiveScan,
which now also detects spyware, at http://www.activescan.com. Webmasters who
would like to include ActiveScan on their websites can get the HTML code, free
Panda Software also offers users Virus Alerts, an e-bulletin in English
and Spanish that gives immediate warning of the emergence of potentially
dangerous malicious code. To receive Virus Alerts just visit Panda Software’s
website (http://www.pandasoftware.com/about/subscriptions/) and complete the
For further information about these and other computer threats, visit
Panda Software’s Encyclopedia.