New worm claims to show you pictures of Paris

If you get an email from one of your friends with the subject line “My Photo on Paris”, do not click and download the zipped attachment. The poor fellow has definitely not been to the fashion capital of the world on a pleasure trip! And instead of showing you picturesque Paris and its great Eiffel Tower, the email will pave the way for a worm to rear its ugly head inside your computer the moment you open the attachment.

Security analysts at MicroWorld Technologies report that the attached file “Picture.zip” bundles two “.bat” files and a file named “picture.bmp”. This .bmp is not a picture but Trojan downloader code that goes on to connect to predefined websites and bring in “Worm.Win32.Brontok.o”.
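A mail-gateway style check for the attachment layout described above, as an added example that is not from MicroWorld or the original article: it flags script members in a zip and image-named members whose leading bytes are not that image format. The sample member names, and the assumption that the disguised “picture.bmp” does not begin with the BMP signature `BM`, are constructed for illustration.

```python
import io
import posixpath
import zipfile

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".scr", ".pif", ".exe", ".com"}
# Leading bytes that a genuine image of each type starts with.
IMAGE_MAGIC = {
    ".bmp": (b"BM",),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def triage_zip(data: bytes) -> list[str]:
    """Return findings for a zip attachment; an empty list means nothing was flagged."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable zip archive"]
    findings = []
    with archive:
        for info in archive.infolist():
            name = info.filename
            ext = posixpath.splitext(name)[1].lower()
            if info.flag_bits & 0x1:  # encrypted member: content cannot be checked
                findings.append(f"{name}: encrypted member, content not inspected")
            elif ext in SCRIPT_EXTS:
                findings.append(f"{name}: script or executable member")
            elif ext in IMAGE_MAGIC:
                with archive.open(info) as fh:
                    head = fh.read(8)
                if not head.startswith(IMAGE_MAGIC[ext]):
                    findings.append(f"{name}: {ext} name but content is not that image type")
    return findings

def build_sample(members: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content} for testing the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: harmless placeholder bytes laid out like the reported attachment.
SUSPECT = build_sample({"one.bat": b"@echo off\r\n", "two.bat": b"@echo off\r\n",
                        "picture.bmp": b"placeholder, not image data"})
CLEAN = build_sample({"holiday.bmp": b"BM" + b"\x00" * 52})

if __name__ == "__main__":
    print("\n".join(triage_zip(SUSPECT)))
```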

“Brontok.o” is a mass-mailing worm with its own emailing engine. After harvesting mail addresses from the victim’s computer, it forges the email identity of the victim and sends “picture.bmp” to all the contacts found in the address book. The mail could be either in Indonesian or English.
Inside the computer, Brontok moves on to shut down many popular AntiVirus programs and overwrites the HOSTS file to stop their regular process of signature updating. The worm installs itself in the registry and replaces infected files with clean copies to evade detection by AntiVirus software. Brontok has the capability to log on to specific websites and download more malware, and with the AntiVirus out of action, it could potentially bring in deadly Trojans.
