Google spoofing worm and other malware of the week

Percoban.A reaches computers disguised as a Word file. When run, it makes a copy of itself with names such as Rahasiamu.exe or Jangan Dibuka.exe. It also creates a Windows registry key to ensure that it is run on every session startup. In addition, it disables the Registry editor and the task manager and hides the search function in the Start menu.

Manclick.A is a worm that installs on computers under the guise of a Windows folder. When this worm is run, it passes itself off as the web page of the Google search engine. The appearance of this page is very similar to the original one and the results, if a user were to click them, could lead to malicious websites that download malware or take other malicious action.

The worm creates several copies of itself on the system and it also creates two registry keys to ensure it is run every time the system is started up. Similarly, it deletes certain Windows registry keys to prevent the computer from starting up in any of the available save modes.

Dung.A is a worm that also enters computers using the icon of a Windows folder. This malicious code opens a random system port and waits to receive commands, sending requests to a certain web page.

This worm makes several copies of itself on the system and edits two Windows registry keys to be able to run every time a session is started.