Sophos Discovers New Malware ‘True Love’
CheeHui, Security Analyst at SophosLabs, states that AU W32/AutoRun-AOG is a system worm that tries to spread to shared network devices under the name "True_Love.exe", according to news published by SOPHOS.COM on August 14, 2009.
The worm then attempts to copy itself to removable shared drives as 'MsRun32.exe' and creates the file AUTORUN.INF on the removable drive. AUTORUN.INF is designed to run the worm when the drive is connected to an uninfected system. CheeHui states in his blog post that Sophos detects the AUTORUN.INF file as Mal/AutoInf-A.
Among its other harmful activities, the worm sends messages to the victim's friends on Yahoo Messenger. These messages are carefully written and come with a URL that points to hosted malware. The message itself is tempting and encourages the recipient to click the attached link.
A few examples quoted by CheeHui in his blog post to illustrate the character of the messages sent by the worm include: "Ha ha ha click on link to laugh ..." "see this comedy joke click on this link" and "nice to listen .........."
CheeHui states that W32/AutoRun-AOG also disrupts the Windows Task Manager on the infected system, prevents access to the Windows registry, protects any process associated with the command, and goes on to alter registry settings, including adding functionality to ensure that the worm runs at the next login.
Given the malicious activities this worm can carry out, CheeHui advises web users to be cautious of true love, chiefly when it is being shared freely, since one may never know when one's system gets infected.
CheeHui of Sophos is not the only one to have found yet another AutoRun type. Security experts at Trend Micro state that MAL_OTORUN1 and MAL_OTORUN2 are two variants of MAL_OTORUN that bear characteristics and features identical to PC worms that abuse Autorun flaws in the Windows operating system.
» SPAMfighter News - 29-08-2009