If you get an email from one of your friends with the
subject line 'My Photo on Paris', do not click and download
the zipped attachment. The poor fellow has definitely
not been to the fashion capital of the world on a pleasure
trip! And instead of showing you the picturesque Paris
and its great Eiffel Tower, the email will pave the way
for a worm to rear its ugly head inside your computer
the moment you open the attachment.
Security Analysts at MicroWorld Technologies report
that the attached file 'Picture.zip' bundles two '.bat'
files and a file named 'picture.bmp'. This bmp is not
a picture but Trojan Downloader code that goes on to connect to
predefined websites and bring in 'Worm.Win32.Brontok.o'.
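
A mail-gateway style check for the attachment layout described above, as an added example that is not MicroWorld's code: it flags runnable files inside a zip and image-named members whose first bytes do not match the image type. The extension list, the sample member names other than picture.bmp, and the assumption that the disguised file starts with a PE header (`MZ`) are constructed for illustration; the page does not state the file's real format.

```python
import io
import os
import zipfile

# Extensions treated as directly runnable on Windows (assumed policy list).
RUNNABLE = {".bat", ".cmd", ".exe", ".scr", ".pif", ".com", ".vbs"}
# Leading bytes a genuine image of each type must start with.
IMAGE_MAGIC = {".bmp": (b"BM",), ".png": (b"\x89PNG\r\n\x1a\n",),
               ".jpg": (b"\xff\xd8\xff",), ".gif": (b"GIF87a", b"GIF89a")}


def inspect_zip(data):
    """Return (member, reason) findings for a zip attachment given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted members cannot be inspected
                findings.append((info.filename, "encrypted member"))
            elif ext in RUNNABLE:
                findings.append((info.filename, "runnable file in archive"))
            elif ext in IMAGE_MAGIC:
                with archive.open(info) as fh:
                    head = fh.read(8)
                if not head.startswith(IMAGE_MAGIC[ext]):
                    kind = "PE executable" if head[:2] == b"MZ" else "unknown data"
                    findings.append((info.filename, f"{ext} name, content is {kind}"))
    return findings


def build_sample():
    """Constructed, harmless stand-in for the attachment layout described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("one.bat", "rem constructed placeholder\r\n")
        z.writestr("two.bat", "rem constructed placeholder\r\n")
        z.writestr("picture.bmp", b"MZ" + b"\x00" * 62)   # not a bitmap
        z.writestr("holiday.bmp", b"BM" + b"\x00" * 52)   # plausible bitmap header
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_zip(build_sample()):
        print(f"{member}: {reason}")
```
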

'Brontok.o' is a mass mailing worm with its own emailing
engine. After harvesting mail addresses from the victim's
computer, it forges the email identity of the victim
and sends 'picture.bmp' to all the contacts found
in the address book. The mail could be either in Indonesian
or English.
"Offering to show personal photographs has been
a regular mode of proliferation for most Brontok varieties,"
says Sulabh Mahant, Security Analyst, MicroWorld Technologies.
"The fact they are continuing the same method
with slight modifications in the vector and code,
goes to prove that the attackers are still managing
to hit a large number of unsuspecting users and plant
this worm successfully. Maybe one should blame it
on most people's curiosity to view some wonderful
candid frames from the lives of their friends and
relatives!"
Inside the computer, Brontok moves on to shut down
many popular AntiVirus programs and overwrites the
HOSTS file to stop their regular process of signature
updating. The worm installs itself in the registry
and replaces infected files with clean copies to evade
detection by AntiVirus software. Brontok has the capability
to log on to specific websites and download more malware,
and with the AntiVirus out of action, it could potentially
bring in deadly Trojans.
"Worms like these can seriously handicap enterprises
by spreading like crazy via their internal mailing
systems," points out Sunil Kripalani, Vice President,
Global Sales and Marketing, MicroWorld Technologies.
"That's precisely why we have been strongly recommending
the eScan Enterprise solution in providing a multi-layered
protection for the mailing systems in organizations
and business houses."
In eScan Enterprise, you have 'MailScan' to protect
the Mail Server and 'eScan' that protects the Server
and each Workstation across the board. Both our solutions
are powered by Unique MWL technology and the world's
best AntiVirus engine with the fastest detection rate,
to make sure that we leave nothing to chance in consistently
and steadfastly protecting information Integrity and
Business Continuity, explains Sunil Kripalani.
MicroWorld
MicroWorld (www.mwti.net) is the developer of the
world's first Real-Time Anti-Virus and Content Security
software eScan for desktops and servers. Its communication
security software, MailScan, is the first comprehensive e-mail
scanner for your SMTP/POP3 Mail Server. MicroWorld
Winsock Layer (MWL) is the revolutionary technology
underlying these products, powering them to several
certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin,
Checkmark, TUCOWS, Red Hat Ready, and Novell Ready.
Combining their powerful scanner with MWL technology,
MicroWorld solutions provide a Real-Time Proactive
security for your systems. For network security of
enterprises, eConceal Firewall is the latest powerful
offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net.