Destructive Trojan Poses as Microsoft Stuxnet Clean-Up Solution
According to security researchers at the security firm Symantec, a harmful Trojan that removes all the information from a computer partition is posing as a Stuxnet clean-up solution created by Microsoft.
W32.Stuxnet is a virus that first emerged in early 2010 and has gained a fair share of infamy. Its highly sophisticated design, and the fact that it abused four zero-day flaws in Windows, strongly suggest that computer professionals are behind it, probably a group of cybercriminals.
Because Stuxnet is such significant news, cybercriminals who distribute malware are taking advantage of the opportunity to carry out their malicious activities.
Symantec found in its investigation that many forums are discussing a free Stuxnet removal tool, but that tool is, in reality, a piece of malware.
If users run this Stuxnet removal tool, it first modifies some registry entries to invalidate files with extensions such as .exe, .mp3, .jpg, .bmp, and .gif, thereby preventing those kinds of files from opening. Second, it terminates several processes.
The worst thing about this Stuxnet removal tool is that it deletes all files stored on the C drive. The tool will certainly remove Stuxnet if the worm is located on the C drive, but it will also delete all other content and data saved there.
Symantec stated that it had obtained a sample of this Stuxnet removal tool and that, according to its analysis, the tool was dangerous. The firm warned users not to run the tool, as reported in a Symantec blog post on October 15, 2010.
The new Trojan, which Symantec has named Trojan.Fadeluxnet, has no clear financial motive behind it. The tool was circulated on forums where security experts were discussing Stuxnet removal solutions, suggesting that it may be aimed at the worm's victims.
The security researchers stated that the bogus clean-up tool carries the signature "Microsoft Stuxnet Cleaner," possibly in an effort to take advantage of Microsoft's well-known active participation in Stuxnet research.
Security experts stated that although this incident was not caused by Stuxnet, it indicated the way in which Stuxnet could have been used, which is why some security experts have called Stuxnet the original "cyber super weapon".
» SPAMfighter News - 23-10-2010