WORM_BRONTOK.CE is a new worm discovered by security company Trend Micro which confirmed that the infection affects most Windows versions including 98, ME, NT, 2000, XP, Server 2003. Although the worm has a medium damage potential and a medium distribution potential, there are no reported infections yet. In case you're wondering how you can get infected, you should know that WORM_BRONTOK.CE can be deployed by other infections or straight by the users who visit malicious pages. The installation is done without
their approval so there's no way to find out if you're infected in case you don't have an antivirus. But what's more important is that the threat aims to harm several file formats in order to be sure that it is executed on the victim's computer.
"Upon execution, this worm drops the following files. This worm creates registry entries to enable its automatic execution at every system startup. It also modifies registry entries in order to execute itself every time a .EXE, .COM, .PIF, or .BAT file is run," Trend Micro noted in the security advisory.
In addition to these affected file extensions, the worm attempts to reboot the computer every time a certain string is detected in the Internet Explorer title bar. This way, the affected consumers can get their systems restarted every time they visit certain websites. "This worm restarts the affected system when it finds an open window containing certain strings in the title bar of Internet Explorer (IE)," Trend Micro explained.
Moreover, the infection uses the Windows folder icon to hide its files from the users. "It also uses the Windows folder icon to trick affected users into thinking that it is a normal or legitimate folder. Once clicked, it opens the My Documents folder to hide its execution routines."
Just like several other Windows infections, WORM_BRONTOK.CE attempts to spread itself by installing on every removable drive connected to an infected computer. The propagation is done through an Autorun.inf file dropped on every removable device which is used to infect clean computers and execute the worm.
their approval so there's no way to find out if you're infected in case you don't have an antivirus. But what's more important is that the threat aims to harm several file formats in order to be sure that it is executed on the victim's computer.
"Upon execution, this worm drops the following files. This worm creates registry entries to enable its automatic execution at every system startup. It also modifies registry entries in order to execute itself every time a .EXE, .COM, .PIF, or .BAT file is run," Trend Micro noted in the security advisory.
In addition to these affected file extensions, the worm attempts to reboot the computer every time a certain string is detected in the Internet Explorer title bar. This way, the affected consumers can get their systems restarted every time they visit certain websites. "This worm restarts the affected system when it finds an open window containing certain strings in the title bar of Internet Explorer (IE)," Trend Micro explained.
Moreover, the infection uses the Windows folder icon to hide its files from the users. "It also uses the Windows folder icon to trick affected users into thinking that it is a normal or legitimate folder. Once clicked, it opens the My Documents folder to hide its execution routines."
Just like several other Windows infections, WORM_BRONTOK.CE attempts to spread itself by installing on every removable drive connected to an infected computer. The propagation is done through an Autorun.inf file dropped on every removable device which is used to infect clean computers and execute the worm.
No comments:
Post a Comment