Brontok.H Appears Consistently in Every ‘Top 10 Virus List’
Security solutions provider PandaLabs detected a rapidly spreading Trojan in June 2007. Dubbed the Brontok.H worm, it was among the top ten malware listed in June.
The Brontok.H worm spreads through e-mail attachments. The e-mail messages are written in broken English or in Indonesian. The attachments are mostly '.exe' or '.zip' files. The content of the messages relates to preaching or moral policing, with themes such as 'saying no to drugs' or 'stop free sex'. Many Brontok variants also infect USB drives, thereby gaining an additional means of transmission.
Once it has entered a PC, the worm begins a host of damaging activities. First, Brontok removes 'Folder Options' completely from Windows Explorer. Then it creates registry entries, one of which makes sure that the worm runs whenever the computer starts up. Further, it deactivates the Task Manager and disables the Command Prompt.
The worst payload of the worm starts when it seizes control of the Windows registry as a whole, preventing installation of any software on the attacked PC. Brontok displays its political colors when some of its variants run a 'Ping Flood Attack' on Israeli government websites.
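The symptoms in the two paragraphs above (hidden Folder Options, disabled Task Manager and Command Prompt, a start-up entry, a locked registry) leave traces that can be checked in a registry export. The following triage script is an added example, not code from PandaLabs or the article; the policy value names are the standard Windows settings that produce these symptoms and are an assumption, since the article names no keys, and the sample export is constructed.

```python
import re

# Assumed indicators: standard Windows policy values matching the symptoms in
# the article (the article itself names no registry keys or values).
POLICY = r"\software\microsoft\windows\currentversion\policies"
CHECKS = {
    (POLICY + r"\explorer", "nofolderoptions"): "Folder Options hidden",
    (POLICY + r"\system", "disabletaskmgr"): "Task Manager disabled",
    (POLICY + r"\system", "disableregistrytools"): "Registry editing disabled",
    (r"\software\policies\microsoft\windows\system", "disablecmd"): "Command Prompt disabled",
}
RUN_KEY = r"\software\microsoft\windows\currentversion\run"

def parse_reg(text):
    """Yield (key, value_name, raw_data) from decoded `reg export` text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            yield key, m.group(1), m.group(2)

def is_set(data):
    """True when the value is a non-zero DWORD (the policy is switched on)."""
    d = data.lower()
    return bool(re.fullmatch(r"dword:[0-9a-f]{8}", d)) and int(d[6:], 16) != 0

def triage(text):
    """Return (finding, value_name) pairs for an analyst to review."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith(RUN_KEY):
            # Every autostart entry is listed; legitimacy is judged by a human.
            findings.append(("Autostart entry to review", name))
            continue
        for (path, value), label in CHECKS.items():
            if k.endswith(path) and name.lower() == value and is_set(data):
                findings.append((label, name))
    return findings

# Constructed sample export, not taken from a real infection.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"example-entry"="C:\\Users\\demo\\AppData\\Local\\example.exe"
'''
```

Real `reg export` files are usually UTF-16, so decode them before passing the text to `triage`.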
The worm has been giving a lot of trouble to network administrators and home computer users as it multiplies rapidly through its twin methods of propagation, said Manoj Manuskhani, Head of Technology and Marketing, Microworld, in his company's press release, as published by press release 365 on July 16, 2007.
The first detection of a Brontok variant was reported in October 2005. Since then, at least one variant of the worm has kept appearing to cripple organizational networks and home PCs. It has also been among the top ten malware threats, accounting for part of globally detected viruses.
PandaLabs reported that the most aggressively spreading threat in June 2007 was Downloader.MDW, with Brontok.H following in second position.
Among the other high-ranking worms, the Lineage.BZE Trojan occupied the seventh spot. It is a password-stealing Trojan. Next in the list was PcClient.DU, the lone backdoor Trojan. The ninth and tenth places went to Downloader.NOE and a new arrival, Lowzones.TP, respectively.
SPAMfighter News - 26-07-2007