'Here is your documents', 'Mail Delivery System', 'Mail Transaction Failed' or 'Re: Thank you for delivery'. If you chance upon a new mail in your mailbox with any of these lines in its subject field, carrying an attachment, apply caution!
It's a new Worm named Cheburgen.a and the email mode of proliferation is just one of many ways in which it can wriggle into computers, say experts at MicroWorld Technologies.
The Worm is written in VC++ language. The name of the attachment is randomly picked from a list that contains words like Data, Body, Doc and Text. The file extension again is a random choice from bat, cmd, exe, scr, pif and zip. The malware comes with its own SMTP engine and sends copies to email addresses harvested from the Windows Address Book of the compromised computer. It modifies the Windows HOSTS files to stop computers from accessing websites of some security companies.
"Cheburgen is also distributed by other Trojans as well as using Drive-by-Download route when someone visits a malicious website," says Manoj Mansukhani, Head - Technology and Marketing, MicroWorld Technologies. "As if that's not trouble enough, it scans other PCs in the network and drops the malware in shared folders. And finally, the Worm is also found to be spreading by exploiting the 'LSASS vulnerability' in Windows."
The Malware displays its Backdoor capabilities when it opens certain ports, connects to IRC channels and takes orders from the remote attacker. The attacker can direct the malware to download and execute files from the Internet by working though this Backdoor component.
"This one has taken the term 'Blended Threat' real far that it adopts something or the other from a variety of malware breeds," points out Govind Rammurthy, CEO of MicroWorld Technologies.
"People behind this malicious program simply believe that the more is merrier and tries to fire on as many cylinders as possible in their attempt to proliferate it. If you want to protect your computers against a threat like this, it is imperative that you rely on a Security Software that checks all the modes of its spreading routine," he adds.
eScan, the Antivirus, AntiSpam and Content Security software from MicroWorld Technologies, stops Virus and other malware from getting into computers through multiple channels. It ensures that Information Systems are protected against Viruses, Network Worms, Trojan Variants, Backdoors, Rootkits, Bots, Keyloggers, Porn Dialers, Phishing malware and more.
Non-users of eScan can download and run MicroWorld's free AntiVirus utility 'MWAV' to clean their computers, if they suspect the presence of Cheburgen.a in their computers.
MicroWorld Technologies is the developer of the world's most advanced AntiVirus, Content Security and Firewall software eScan, MailScan, and eConceal. MicroWorld Winsock Layer (MWL) is the revolutionary technology that powers most of MicroWorld products enabling them to achieve several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready and Novell Ready.