New worm spreads via email, web and network shares

“Here is your documents”, “Mail Delivery System”, “Mail Transaction Failed” or “Re: Thank you for delivery”. If you chance upon a new mail in your mailbox with any of these lines in its subject field, carrying an attachment, apply caution! It’s a new Worm named Cheburgen.a and the email mode of proliferation is just one of many ways in which it can wriggle into computers, say experts at MicroWorld Technologies.
 
The Worm is written in VC++. The name of the attachment is randomly picked from a list that contains words like Data, Body, Doc and Text. The file extension is likewise a random choice from bat, cmd, exe, scr, pif and zip. The malware comes with its own SMTP engine and sends copies of itself to email addresses harvested from the Windows Address Book of the compromised computer. It also modifies the Windows HOSTS file to stop the computer from accessing the websites of some security companies.
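For mail administrators, the subject lines and attachment naming described above can be turned into a simple triage check. The following Python sketch is an added example, not code from MicroWorld Technologies; the function names and the sample messages are constructed for illustration, and the attachment name list is only the partial one given in the article.

```python
import os
from email import message_from_string

# Indicators taken from the article; the name list is partial ("words like").
SUBJECTS = {"here is your documents", "mail delivery system",
            "mail transaction failed", "re: thank you for delivery"}
NAME_STEMS = {"data", "body", "doc", "text"}
EXTENSIONS = {"bat", "cmd", "exe", "scr", "pif", "zip"}

def triage(raw_message):
    """Return the list of indicators from the article that this message matches."""
    msg = message_from_string(raw_message)
    reasons = []
    # Normalise whitespace and case before comparing the subject line.
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    if subject in SUBJECTS:
        reasons.append("subject")
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # not an attachment
        stem, ext = os.path.splitext(filename.strip().lower())
        ext = ext.lstrip(".")
        if ext in EXTENSIONS:
            reasons.append("extension:" + ext)
            if stem in NAME_STEMS:
                reasons.append("name:" + stem)
    return reasons

def is_suspect(raw_message):
    """Flag only when the subject AND an attachment extension both match."""
    reasons = triage(raw_message)
    return "subject" in reasons and any(r.startswith("extension:") for r in reasons)

def build_sample(subject, filename):
    """Constructed test message (not a real capture) with one attachment."""
    return (f"Subject: {subject}\r\nMIME-Version: 1.0\r\n"
            'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
            "--b1\r\nContent-Type: text/plain\r\n\r\nsee attachment\r\n"
            "--b1\r\nContent-Type: application/octet-stream\r\n"
            f'Content-Disposition: attachment; filename="{filename}"\r\n\r\n'
            "placeholder\r\n--b1--\r\n")

if __name__ == "__main__":
    print(triage(build_sample("Mail Transaction Failed", "Body.scr")))
    print(triage(build_sample("Quarterly report", "report.pdf")))
```

Because legitimate bounce notices share some of these subject lines, the check requires a matching attachment extension as well before flagging a message.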
 
“Cheburgen is also distributed by other Trojans as well as using Drive-by-Download route when someone visits a malicious website,” says Manoj Mansukhani, Head – Technology and Marketing, MicroWorld Technologies. “As if that’s not trouble enough, it scans other PCs in the network and drops the malware in shared folders. And finally, the Worm is also found to be spreading by exploiting the ‘LSASS vulnerability’ in Windows.”
 
The Malware displays its Backdoor capabilities when it opens certain ports, connects to IRC channels and takes orders from the remote attacker. The attacker can direct the malware to download and execute files from the Internet by working through this Backdoor component.
 
“This one has taken the term ‘Blended Threat’ real far that it adopts something or the other from a variety of malware breeds,” points out Govind Rammurthy, CEO of MicroWorld Technologies.
 
“People behind this malicious program simply believe that the more is merrier and try to fire on as many cylinders as possible in their attempt to proliferate it. If you want to protect your computers against a threat like this, it is imperative that you rely on a Security Software that checks all the modes of its spreading routine,” he adds.