Feebs Worm Spreads via email and P2P

Security Analysts from MicroWorld Technologies inform that “Worm.Win32.Feebs.db’ is a new entrant to the Feebs family that spreads via email, P2P Networks and Web /FTP Servers.

Feebs.db circulates via email attachments in “.HTA” format containing HTML application files. This file includes a JavaScript component that facilitates further download of malware from predefined Servers. The same JavaScript strain will also cause a fake web page to be displayed to misinform you that the Internet connection is not available.

“Feebs represents that breed of worms which explore multiple ways of proliferation. In here, the worm makes sure that it’s got plan B and plan C in place, if the first method fails. Apparently, this strategy is proving successful as one can see Feebs spreading fast in targeted groups,” explains Arti Taru, Assistant Manager, R&D, MicroWorld Technologies.

After installing itself in the registry, the worm disables many AntiVirus and Firewalls and lowers Windows Security levels, in order to exposes computers to further attacks. Then it places itself in shared folders used by some P2P applications and sends invitations to other Workstations to accept the new resource.