Trend Micro - Autorun Worm Attacks ZIP
Trend Micro, an online security firm, informs that malware creators are using sophisticated and latest methods to hide malware.
Threat Researcher at Regional TrendLabs in Europe, Michael Tants, has found a new worm, WORM_AUTORUN.JFZ that uses a distinctive method of veiling itself in the computer.
Tants explains that that worm is allegedly a new version of AUTORUN.JFZ harmful code and uses a new mean to hide itself inside ZIP archives. As a result, it becomes hard for an anti-virus (AV) software to find malware bug entrenched inside.
Moreover, the .GIF extension in the harmful code is employed for a social engineering issue. Therefore, it is accountable for the circulation of malicious code.
TrendLabs' security experts describe that inquisitive users who still have their default configurations established in Windows Explorer may experience something objectionable once they double click on the ostensible image file. In other words, as soon as they double click, the harmful image code will be installed which is made simpler with the .SCR extension.
The security experts further add that writing in the form of data is not the only way the worm assures its presence on the system. The worm uses some customary circulation ways similar to the one employed by its predecessor AUTORUN.INF. Put it simply, the latest malevolent code has the capability to copy itself on removable drives such as USBs and CDs, which are transportable, and thus leads to circulation of the malevolent code among several systems as the user keeps on using it.
WORM_AUTORUN.JFZ is not the only variant of AUTORUN.INF. In the May 2009 report, the security vendor 'ESET' declares that Autorun Trojan has become so pervasive that it surpassed the overall quantity of harmful infiltrations created by any harmful code during May 2009. Almost 10% of discovery of malware carried out by ESET during May 2009 involved AUTORUN.INF.
Meanwhile, security researchers at TrendLabs and ESET are giving the same advisory when referring to WORM_AUTORUN.JFZ or AUTORUN.INF. Users should keep their systems up-to-date with new security software to evade any vulnerability that may begin because of the harmful codes.
Related article: Trend Micro Detects Spam Mail Declaring World War III
» SPAMfighter News - 13-06-2009