Agressive worm infection leads to banking Trojan infection
Posted on 30.11.2012
An aggressive variant of the VBNA-X "autorun" worm is finding its way onto users' computers, preparing them for further malicious downloads, warns Sophos.

"W32/VBNA-X is a worm, but also exhibits characteristics typically found in a Trojan. Its most obvious method of spreading appears to be through the use of autorun.inf files dropped on removable media and writable network shares," shares Chester Wisniewski.

Still, there are many who have already disable the Autorun/Autoplay option, but still get infected, as the worm hides legitimate folders and file extensions, and creates copies of itself named Porn.exe, Sexy.exe, Passwords.exe and Secret.exe and uses standard Windows 7 icons for them:


"I can easily see how people browsing file shares and USB drives could accidentally click the wrong folder, especially if the real folders are set to hidden," Wisniewski points out.

The worm is capable of adding registry keys to make itself run every time the infected machine boots up, and some variants can also disable Windows Update.

This new variant contacts a C&C server to receive instructions and downloads additional malicious payloads. In the instances investigated by Sophos, that payload was a Zeus Trojan variant - but that can change in the future.






Spotlight

Almost 1 in 10 Android apps are now malware

Posted on 28 July 2014.  |  Cheetah Mobile Threat Research Labs analyzed trends in mobile viruses for Q1 and Q2 of 2014. Pulling 24.4 million sample files they found that 2.2 million files had viruses. This is a 153% increase from the number of infected files in 2013.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //