Cheburgen.a: A New Email Worm
If you discover an unsolicited email attachment in your inbox, think twice before opening it. A new Worm known as Cheburgen.a is spreading rapidly on the Internet and as per the MicroWorld Technologies' experts, email is among the several means by which it can sneak into your computer.
'Here is your document', 'Mail Delivery System', 'Mail Transaction Failed' or 'Re: Thank You for delivery', are some of the common subject lines the worm uses to spread.
This worm is programmed in VC++ programming language and uses arbitrarily picked terms such as Data, Doc, Body, and Text for the name of the attachment. Similarly, the file extensions are randomly selected from bat, exe, cmd, pif, scr, and zip.
The malware has its own SMTP engine, which sends several transcripts to email address collected from the computers' Window address book. It also modifies the HOSTS files of the Window to prevent computers from contacting websites of certain security companies.
Further, the malware exhibits its secret abilities by opening particular ports, linking to IRC channels and taking instructions from the distant invader who can guide it to download and execute files from the web with the help of this secret element.
Manoj Mansukhani, Head (technology and marketing), MicroWorld Technologies in a statement published by Help Net Security on May 29, 2007 said, Cheburgen is circulated by new trojans too besides by the use of Drive-by-Download route as somebody visits a malevolent site.
Manoj added that the worm scans other computers in the set-up and leaves the malevolent program in shared folders. It also spreads by misusing 'LSASS vulnerability' in windows.
Govind Rammurthy, CEO of MicroWorld Technologies, in a statement published by CXO Today on May 29 2007, said, the people who developed this malware attempt to infect as may computes as they can. And if one wants to protect his computer from this worm, then it's essential that one depend on security software , which prevents the worm to spread. Govind further said that if users have any doubts regarding their computers infected by Cheburgen, then they could download and run Micro World's free of charge antivirus utility 'MWAV' so as to restore their computers.
Related article: Cybercriminals Exploited Software Vulnerabilities in Q2 2010
» SPAMfighter News - 08-06-2007