Virus enters via IM; poses as Office Genuine Advantage Checker
An executable file that is in reality a virus usually enters via IM applications and opens the door for cybercriminals to take control of a system, Bitdefender researchers report.
The worm, Win32.Worm.Coidung.B, is a piece of malicious code based on Visual Basic. It circulates through Yahoo Messenger and poses as an Office Genuine Advantage checker named 'office_genuine.exe'. Besides the virus, a file infector, Win32.Virtob, also comes attached.
It is not known whether the Virtob code was deliberately planted within the virus or ended up there on its own. However, the researchers are sure that the virus travels with a sinister companion.
The Office Genuine Advantage checker was used by computer owners to verify that their Microsoft Office applications were genuine. However, it was discontinued in December 2010, when Microsoft withdrew the OGA program.
When this file is executed, the worm hinders the operating system's firewall and gives the attacker behind it access to issue malicious instructions. The assailant,
The virus copies itself to a number of unknown locations, including the registry and the start-up folder, to ensure that it can carry out its malicious acts whenever the system boots. At the same time, the virus also ensures that none of its copies on the system are deleted, deactivated or removed from startup.
Besides the harm caused by the virus, the computer may also come under attack from a polymorphic virus. Virtob, attached to the virus, also spreads to various locations. This approach is followed by some kinds of malicious software.
The virus has gained a reputation because it can evade emulators and virtual machines. It infects ASP, HTM, and PHP scripts (the most common file formats for web applications) while waiting for a command from the attacker to download further malware and execute it on the computer.
According to Bitdefender's researchers, this is an old tactic. A few years back, immediately after Microsoft unveiled the contentious Windows Genuine Advantage Validation Notification program, a piece of malware also posed as a genuine Windows utility. Criminals usually reuse old tricks to earn good money.
» SPAMfighter News - 22-11-2011