3/14/2006

Remember Sasser? Here's another worm that causes a system reboot

Remember the Sasser/Blaster worm that infected pre-SP2 XP machines? Well, here's an encounter with another worm that causes a reboot whenever a download is initiated or keywords are opened in an Explorer window.

What is it called?

"Email-Worm.Win32.Brontok.a (Kaspersky Lab) is also known as: W32/Rontokbro.gen@MM (McAfee), W32.Rontokbro@mm (Symantec), BackDoor.Generic.1138 (Doctor Web), W32/Korbo-B (Sophos), Worm/Brontok.a (H+BEDV), Win32.Brontok.A@mm (SOFTWIN), Worm.Mytob.GH (ClamAV), W32/Brontok.C.worm (Panda), Win32/Brontok.E (Eset)"

What does it do?

It changes the registry so that it can launch itself at startup and prevent the user from removing it.

How does it infect?

It spreads itself via e-mail.

How can I prevent it?

The best way to prevent viruses is still to keep your AV software updated and to be discerning about opening e-mail attachments (especially if an attachment is blatantly an executable file).


Resource: Brontok e-mail worm
