If you get an email from one of your friends with
the subject line 'My Photo on Paris', do not click and download the zipped attachment.
The poor fellow has definitely not been to the fashion capital of the world on
a pleasure trip! And instead of showing you picturesque Paris and its great
Eiffel Tower, the email will pave the way for a worm to rear its ugly head inside
your computer the moment you open the attachment.
Security Analysts at MicroWorld
Technologies report that the attached file 'Picture.zip' bundles two '.bat' files
and a file named 'picture.bmp'. This bmp is Trojan Downloader code that goes
on to connect to predefined websites and bring in 'Worm.Win32.Brontok.o'.

'Brontok.o'
is a mass mailing worm with its own emailing engine. After harvesting mail addresses
from the victim's computer, it forges the email identity of the victim and sends
'picture.bmp' to all the contacts found in the address book. The mail could be
either in Indonesian or English.
"Offering to show personal photographs
has been a regular mode of proliferation for most Brontok varieties," says
Sulabh Mahant, Security Analyst, MicroWorld Technologies. "The fact they
are continuing the same method with slight modifications in the vector and code
goes to prove that the attackers are still managing to hit a large number of unsuspecting
users and plant this worm successfully. Maybe one should blame it on most people's
curiosity to view some wonderful candid frames from the lives of their friends
and relatives!"
Inside the computer, Brontok moves on to shut down
many popular AntiVirus programs and overwrites the HOSTS file to stop their regular
process of signature updating. The worm installs itself in the registry and replaces
infected files with clean copies to evade detection by AntiVirus software. Brontok
has the capability to log on to specific websites and download more malware, and
with the AntiVirus out of action, it could potentially bring in deadly Trojans.
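
A defender-side check for the HOSTS tampering described above, added here as an illustration and not MicroWorld's code: it parses HOSTS-format text and reports watched update domains that are mapped to a loopback or null address, or pinned to any other fixed address. The watchlist domains and the sample file are constructed assumptions, since the page names no specific domains.

```python
import ipaddress

# Hypothetical watchlist (constructed): substitute the update hosts your
# AntiVirus product really contacts. The page names no specific domains.
WATCHED_DOMAINS = ("av-vendor.example", "updates.example")

# Constructed sample (Windows path: %SystemRoot%\System32\drivers\etc\hosts).
SAMPLE_HOSTS = """\
# Constructed sample, not taken from an infected machine
127.0.0.1   localhost
::1         localhost
127.0.0.1   update.av-vendor.example
0.0.0.0     download.updates.example www.av-vendor.example  # two aliases
10.0.0.5    intranet.corp.example
203.0.113.9 av-vendor.example
127.0.0.1   notav-vendor.example
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in HOSTS text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address: skip line
        for name in fields[1:]:                 # one line may carry aliases
            yield lineno, ip, name.lower().rstrip(".")

def find_blocked_update_hosts(text, watched=WATCHED_DOMAINS):
    """Return findings for watched domains that HOSTS overrides.

    'sinkholed' = mapped to loopback/0.0.0.0, so updates cannot connect;
    'pinned'    = mapped to some other fixed address, bypassing DNS.
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            dead = ip.is_loopback or ip.is_unspecified
            findings.append((lineno, name, str(ip),
                             "sinkholed" if dead else "pinned"))
    return findings

if __name__ == "__main__":
    for finding in find_blocked_update_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Matching is on the exact domain or a dot-separated subdomain, so the look-alike `notav-vendor.example` entry in the sample is not reported.
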
"Worms like these can seriously handicap enterprises by spreading
like crazy via their internal mailing systems," points out Sunil Kripalani,
Vice President, Global Sales and Marketing, MicroWorld Technologies. "That's
precisely why we have been strongly recommending the eScan Enterprise solution
in providing a multi-layered protection for the mailing systems in organizations
and business houses."
"In eScan Enterprise, you have 'MailScan' to
protect the Mail Server and 'eScan' that protects the Server and each Workstation
across the board. Both our solutions are powered by Unique MWL technology and
the world's best AntiVirus engine with the fastest detection rate, to make sure
that we leave nothing to chance in consistently and steadfastly protecting information
Integrity and Business Continuity," explains Sunil Kripalani.
MicroWorld
MicroWorld
(www.mwti.net) is the developer of the world's
first Real-Time Anti-Virus and Content Security software eScan
for desktops and servers. Its communication security software,
MailScan is the first comprehensive e-mail scanner for your SMTP/POP3
Mail Server. MicroWorld
Winsock Layer (MWL) is the revolutionary technology underlying these products,
powering them to several certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red
Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology,
MicroWorld solutions provide Real-Time Proactive security for your systems.
For network security of enterprises, eConceal Firewall is the latest powerful
offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net