New Computer Worm Circulating Across Famous Social Networking Websites

Researchers at security firm BKIS (Bach Khoa Internet Security) announced that a new variety of a computer worm called W32.Hitwica.Worm is propagating on the Internet with the help of famous social networking websites. Six companies that are being exploited in this malware campaign are Facebook, Amazon, Google, Hi5, Twitter, and Hallmark.

Cybercriminals circulate fake e-mails with malicious codes, taking benefit of these companies' reputation, BKIS highlights.

For instance, some of these e-mails come with subject line as "Thank you from Google!" and allege to be sent from an e-mail address naming resume-thanks@google.com. The included message indicates that they are automatic generated response to Google job applications and the attached file, which includes the worm installer, is called "CV-20100120-112.zip."

The firm explains that many people fell prey to these kinds of phishing attacks because, these companies regularly send recruitment e-mails to their candidates and as a result users are easily scammed by such emails.

Others pretend as unread notifications from Facebook with subject line as "You have got a new message on Facebook!" and the attachment is named "Facebook message.zip."

The so-called Twitter e-mails pretend as invitations to join the service and include a file named "Invitation Card.zip." The hi5 ones are quite same, but allege to be friend request notification.

The e-mails referencing Amazon pretends as if they are order shipping updates and the attached file is named "Shipping documents.zip." Conclusively, the Hallmark messages profess to enclose an E-Card in a "Postcard.zip" attachment.

Once executed, the worm in the e-mails, dumps the %Windir%\MFPTKPAR.dll file, and replicates itself as file: %SystemDir%\HPWuSchedv.exe. Besides, it controls the key to load virus at the booting of Windows'.

Additionally, it stops the service: Error Reporting and Security Center, and also replicates itself to shared folders with names pretending as the setup folders of crack software or programs. Besides, it replicates itself as file autorun.inf to USB drives to circulate. It also stops the process of some famous antivirus software.

Commenting on these attacks, experts stated that this is still a great technique for cybercrooks to circulate virus through spam. They keep modifying the content of spam to tempt users to open links or attachments, which actually, is a virus.

Finally, BKIS warns all netizens to be wary of opening suspicious e-mails on their PC's.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 10/15/2010