Trend Micro Spots Fresh File Infector
Investigators from the security company Trend Micro caution that a new piece of malware has been detected infecting files using malicious methods that appear to be the same as those the PC virus Conficker used.
Called PE_LICAT.A, the file infector is a conventional PC worm in that it proliferates through malicious code dropped onto legitimate files stored on the infected computer. The researchers state that the kinds of files the malware targets are HTML, DLL and EXE.
Threat Response Engineer Jasper Manuel of Trend Micro says that, based on the payload of PE_LICAT.A, the malware first authenticates downloaded files before executing them. This method, according to him, resembles the one that WORM_DOWNAD (Conficker) used. Softpedia.com published this on October 7, 2010.
Elaborating on how the new malicious program works, Escalation Engineer Alvin Bacani said that every time a file infected by PE_LICAT.A was run, the program generated one pseudorandom domain name whose precise value depended on the system time. It then attempted to connect to that domain.
If it succeeded, the malware downloaded and ran the file hosted on the associated pseudorandom website. If it failed, PE_LICAT.A tried again, up to a maximum of 800 times, generating one fresh domain each time. Consequently, the malware stayed up to date, and no matter how many domains were taken offline, others were generated to replace them, Bacani said. Zastita.com published this on October 7, 2010.
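The retry behaviour described above leaves a recognisable trace in resolver logs: one client failing on many different names in a short span. The following detection sketch is an added example, not Trend Micro's code; the log format, function names, window and threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque

def parse(line):
    # Assumed log format (constructed for this example): "<epoch> <client> <qname> <rcode>"
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.lower().rstrip("."), rcode

def find_nxdomain_bursts(lines, window=300, threshold=20):
    """Return {client: peak number of distinct NXDOMAIN names within `window` seconds}
    for every client whose peak reaches `threshold`."""
    recent = defaultdict(deque)          # client -> (ts, qname) inside the window
    peak = defaultdict(int)
    for ts, client, qname, rcode in sorted(parse(l) for l in lines):
        if rcode != "NXDOMAIN":
            continue                      # only failed lookups count toward a burst
        q = recent[client]
        q.append((ts, qname))
        while q[0][0] < ts - window:      # drop entries older than the window
            q.popleft()
        # Count distinct names so a resolver retrying one typo is not flagged
        peak[client] = max(peak[client], len({name for _, name in q}))
    return {c: n for c, n in peak.items() if n >= threshold}

def sample_log():
    # Constructed data: 10.0.0.5 fails on 40 different names, one per second
    lines = [f"{1000 + i} 10.0.0.5 name{i:03d}x.example NXDOMAIN" for i in range(40)]
    # Constructed data: 10.0.0.9 is an ordinary host that repeats one typo
    lines += [
        "1005 10.0.0.9 www.example.com NOERROR",
        "1010 10.0.0.9 wwww.example.com NXDOMAIN",
        "1011 10.0.0.9 wwww.example.com NXDOMAIN",
        "1500 10.0.0.9 mail.example.com NOERROR",
    ]
    return lines

if __name__ == "__main__":
    for client, count in find_nxdomain_bursts(sample_log()).items():
        print(f"{client}: {count} distinct failed lookups in one window")
```

Because the article says the malware stops retrying once a lookup succeeds, the threshold should sit well below the 800-attempt ceiling rather than near it.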
Meanwhile, Trend Micro Solutions Architect Rik Ferguson, remarking on PE_LICAT.A, stated that the malware's infections were widespread both numerically and geographically. Softpedia.com reported this.
Indeed, according to the details available so far, North America is likely the most targeted geographical area, with Africa and the Middle East second and Asia-Pacific third.
Moreover, according to the company, although the new malware is making headlines by spreading all over the world, the top group of file-infecting malicious programs at present is the Sality worm and its variants.
Finally, the security researchers recommend that all users deploy high-quality security software to prevent PE_LICAT.A from infiltrating their personal computers.
» SPAMfighter News - 12-10-2010