Worm Clippo.A Creates Password, Blocks Access To Files
Malware investigators with Panda Security are cautioning that a fresh computer worm is circulating online, which locks all Office files by appending a password to presentations, documents, even removable drives and e-mails, thus obstructing users from accessing them.
States Panda in its warning that the worm is known as Vbs/Clippo.A.worm or Clippo.A and its threat is considered to be of medium intensity.
The particular malware reportedly, crafts a file named FILM.EXE for all of the infected system's folders as also its network shares or removable drives where it enjoys the privilege for writing. This file whose icon is same as that of any Windows folder is actually the worm's duplicate.
Further, the worm replicates itself and gives its copies names like SOUND.EXE and PICTURE.EXE within the removable and mapped drives as well as within the folders that become visible to it.
Conversely, it crafts 1.VBE a script inside the C: drive within its root directory. That script modifies the Windows Registry which then runs on every start up of the computer.
Most significantly, Clippo.A adds a password -721709031350 to each and every Office file it finds like PowerPoint presentation, Word document, else Outlook e-mail as also to its own code.
State the security researchers that malware, which prevents access to operating systems or vital files; normally demand money for reviving usual functioning. This type of malware is called ransomware; however, the current threat doesn't seem to represent it.
Moreover, the researchers further state that modern commercial cyber-crime scenario compels writers of malicious programs to concentrate their time and resources on covertness and data-stealing abilities. But Clippo.A isn't crafted along that line. It neither provides any monetizing scope to its creators nor tries to be elusive, rather it does the opposite, the experts add.
They, however, suggest that users can deactivate the worm by manually erasing the c:\file.exe file and eliminating the modified Windows Registry. Still systems must be fully scanned using an effective anti-virus program that's up-to-date.
Also, users must scan all shared networks that their infected PCs access along with each and every detachable storage device that is inserted into those systems.
Related article: Worm Spreads With Random Subject Lines
» SPAMfighter News - 14-09-2010