BitDefender, an award-winning antivirus software producer, today reports a new version of Nocan (Win32.Nocan.B@mm), a mass-mailer virus very similar to the widely spreading virus Sobig.B (previously known as Palyh). The virus mainly uses e-mail and file-sharing networks to spread. For the moment, only a few reports of infection have been received, most probably from the author himself, but the virus has a high spreading potential. The specialists believe that the author is Melhacker, the same as in the case of Maax.B, a virus discovered during the last week. He might be a member of the VX (virus authors) community. The virus is even able to update itself from a web address, which seems to belong to that community.

“The latest viruses, from Yahaa.B up to this one, use the same mechanisms and probably share the same database of tricks (e-mail subjects, content, antivirus services to be terminated, etc.). They are all Trojans, backdoors, mass-mailers and worms, key-loggers and password-stealers, using in most cases the same techniques to spread and to infect computers,” Patrick Vicol, Virus Researcher at BitDefender, stated. “Only the programming approach is a little different. For example, Nocan is made in the Visual Basic programming environment, using a very complex structure, with a strong update potential,” Patrick concluded.

Complexity seems to be the keyword for this latest virus: the code contains instructions to copy the virus file into the System32 folder, to modify Windows registry keys, to attempt to terminate data security software installed on the system, to send itself as an e-mail message to all contacts in the Address Book, and to search for the most popular IM applications and copy itself into their shared folders under different, tricky names. The virus is also able to perform DoS attacks against 10 IP addresses, to deface the existing IIS site on the system, to delete files on the hard drive (C:\Safeweb and all files in the root folder and on the D:\ partition), to steal information (subsequently e-mailed to the address chatza@phreaker.net), to create a backdoor and to download a file (for updating purposes) from a certain URL.

BitDefender updated all its antivirus solutions yesterday to detect and stop the spread of this new threat. BitDefender experts recommended that all users use the update feature in order to stay protected against any other new viruses.
http://vx.netlux.org/lib/iv035.html (Interview with Trigger from VX Community