Zhelatin Variants Intercepted By Security Experts
Kaspersky Lab's security experts have discovered a new variant of the email worm "Zhelatin". The company identified this variant, "Zhelatin.o", on 4 February 2007 and rates it as a 'moderate' risk.
The latest modification of the Zhelatin worm family, Zhelatin.o uses social engineering techniques, just like several other worms. Its message subjects and topics are intended to dupe the user into opening the attachment.
This new worm is a Portable Executable (.exe) file packed with UPX (Ultimate Packer for eXecutables). It copies itself to the hard disk and alters the registry to ensure that it is loaded automatically at start-up. It then harvests the email addresses found on the hard disk and automatically mails itself to them by setting up a direct connection to the recipient's SMTP server.
Once downloaded, the worm disables the antivirus services and firewall on the compromised PC. It uses rootkit technology to mask its presence on the machine. Zhelatin.o infects files with an .exe or .scr extension found on the machine by copying its code into these files.
David Emm, senior technology consultant with Kaspersky Lab, was quoted by the website vnunet.com as saying, "Like other worms, this latest mutant of the Zhelatin family also makes use of social engineering techniques to lure the users into opening the attachment."
Another variant of this family, "Zhelatin.r", is also spreading rapidly. Its subject line keeps changing and the body of the email is empty, but the email carries an attachment, typically named something like Postcard.exe. The malicious function is executed as soon as the user opens this attachment.
The signs indicate that this worm is being mass-mailed by its author to as many PCs as possible, so that the media do not get enough time to raise an alarm to help users protect themselves from this demon.
Owing to this outbreak, experts have recommended that users keep their antivirus databases updated and not download attachments in email messages coming from unknown sources.
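The Zhelatin.r pattern described above (an empty message body with an .exe or .scr attachment) can be checked at a mail gateway. The following is an added example, not code from Kaspersky Lab or from the original article; the function names, addresses and sample messages are constructed for illustration.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

RISKY_EXTENSIONS = {".exe", ".scr"}  # file types named in the article

def risky_attachments(msg):
    """Return attachment filenames whose final extension is executable."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Windows ignores trailing dots/spaces, so "Postcard.exe." still runs.
        ext = os.path.splitext(name.rstrip(". ").lower())[1]
        if ext in RISKY_EXTENSIONS:
            hits.append(name)
    return hits

def body_is_empty(msg):
    """True when the message has no text body or only whitespace."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return body is None or not body.get_content().strip()

def should_quarantine(raw_message):
    """Flag the Zhelatin.r pattern: empty body plus an .exe/.scr attachment."""
    msg = message_from_string(raw_message, policy=policy.default)
    return body_is_empty(msg) and bool(risky_attachments(msg))

def build_sample(subject, body, filename):
    """Constructed test message (hypothetical addresses, harmless payload)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"constructed sample bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()

if __name__ == "__main__":
    samples = [
        build_sample("You've got a postcard", "\n", "Postcard.exe"),
        build_sample("Meeting minutes", "Notes attached.\n", "minutes.txt"),
        build_sample("Greetings", "\n", "Greeting.SCR."),
    ]
    for raw in samples:
        print(should_quarantine(raw))
```

Because the subject line keeps changing, the check deliberately ignores it and keys only on the body and the attachment type.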
» SPAMfighter News - 14-02-2007