New VBS_SOYSOS Malware Erases Data Files from Infected Devices
Security company Trend Micro has identified VBS_SOYSOS, a new malware sample built to erase files, some of which may be associated with computer-aided design (CAD) programs, from infected systems.
According to the company's security researchers, VBS_SOYSOS, which was recently observed most often in Mexico (3,331 instances), is written in VBScript. The recorded infections are as of 10th November, 2013.
Vital image files, in particular DraWinG (.DWG) files, are erased when VBS_SOYSOS infects a computer. File-erasing malware isn't unprecedented, but a VBScript-based one is uncommon. Because .DWG files are a popular output of CAD programs, their deletion endangers the security of a few industries that widely use CAD software, such as the engineering, automotive, architectural and manufacturing sectors.
According to the security company, VBS_SOYSOS spreads between computers through removable drives.
Further examination shows that the malicious program, which has a rather simple script, creates copies of itself when run, stores them on all removable drives, and gives them filenames with .DWG, .JPG or .MP3 extensions. However, instead of hiding the actual files, VBS_SOYSOS simply erases each one.
Trend Micro suggests that potentially infected end-users check their machines for the infection by searching for the malware's copy named D&D.vbe. Moreover, VBS_SOYSOS adds a "4U Denia & Dania" marker to the host computer's registry entries.
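One way to run the check described above over a mounted removable drive, as an added example that is not Trend Micro's or this article's own code: it flags files named D&D.vbe and any .DWG, .JPG or .MP3 file whose leading bytes do not match the claimed type. It assumes the replicas contain script rather than real drawing, image or audio data; the function names and header heuristics are this example's own.

```python
import os
import sys

REPLICA_NAME = "d&d.vbe"                 # replica name given in the article
TARGET_EXTS = (".dwg", ".jpg", ".mp3")   # extensions the article lists
VBE_HEADER = b"#@~^"                     # header of Script Encoder (.vbe) output


def header_matches(ext, head):
    """Heuristic: do the leading bytes look like a real file of type `ext`?"""
    if ext == ".dwg":
        return head[:2] == b"AC"             # DWG version tag, e.g. AC1027
    if ext == ".jpg":
        return head[:3] == b"\xff\xd8\xff"   # JPEG start-of-image marker
    # .mp3: an ID3v2 tag, or an MPEG audio frame sync (11 set bits)
    return head[:3] == b"ID3" or (
        len(head) >= 2 and head[0] == 0xFF and head[1] & 0xE0 == 0xE0)


def scan(root):
    """Walk `root` and return sorted (path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == REPLICA_NAME:
                findings.append((path, "replica name"))
                continue
            ext = os.path.splitext(name)[1].lower()
            if ext not in TARGET_EXTS:
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                findings.append((path, "unreadable"))
                continue
            # Assumption: a replica holds script, so its header is wrong
            if head.startswith(VBE_HEADER):
                findings.append((path, "encoded script header"))
            elif not header_matches(ext, head):
                findings.append((path, "header/extension mismatch"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan.py <drive root>
    for path, reason in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {path}")
```

A mismatch is a lead for manual review, not proof of infection, since truncated or unusual but legitimate files can also fail the header check.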
A notable aspect of the new malicious program is its ability to block access to Task Manager and Registry Editor, which means end-users would need third-party tools to remove the threat manually, Trend Micro elaborates.
Well-known anti-malware programs are potentially capable of detecting the threat before it carries out its destructive operations; therefore, people must ensure such programs are active on their PCs.
Further, computers should be kept updated with the most recent security patches that their vendors release from time to time.
Besides these precautionary steps, end-users also need to avoid data loss, which can be done by maintaining backups of all important files using data-leak blocking software, the security company concludes.
» SPAMfighter News - 09-12-2013