Virus enters via IM; poses as Office Genuine Advantage Checker

An executable file that is in reality a virus is arriving via IM applications and opening the door for cybercriminals to take control of a system, Bitdefender researchers report.

The worm, Win32.Worm.Coidung.B, is a piece of malicious code written in Visual Basic. It circulates through Yahoo Messenger and poses as an Office Genuine Advantage checker named 'office_genuine.exe'. Along with the worm, a file infector, Win32.Virtob, is also installed.

It is not known whether the Virtob code was deliberately planted within the virus or whether it simply happened to be there. However, the researchers are sure that the virus travels with an unwelcome companion.

The executable it imitates was used by computer owners to check whether their Microsoft Office applications were genuine. However, it was retired in December 2010, when Microsoft withdrew the OGA program.

When this file is executed, the worm hinders the operating system's firewall and gives the person behind the attack access to issue malicious instructions. Once in control of the system, the attacker can do anything malicious with it.

The virus copies itself into a number of unknown locations, including the registry and the start-up folder, so that it can carry out its malicious actions whenever the system boots. At the same time, the virus ensures that none of its copies on the system are deleted, deactivated or removed from start-up.

Besides the harm caused by the virus itself, the computer may also be hit by a polymorphic virus. Virtob, which is attached to the virus, also spreads to various locations. This approach is used by some kinds of malicious software.

The virus has gained a reputation for evading emulators and virtual machines. It infects ASP, HTM, and PHP scripts (the most common file formats for web applications) while waiting for a command from the attacker to download further malware and execute it on the computer.

According to Bitdefender's researchers, this is an old tactic. A few years back, immediately after Microsoft unveiled the contentious Windows Genuine Advantage Validation Notification program, a piece of malware also posed as an authentic Windows utility. Criminals commonly reuse old tricks to earn a good amount.

» SPAMfighter News - 22-11-2011
