Free Microsoft Security Tool Tackles Rorpian, Yimfoca and Nuqel Worms

The release of the June 2011 security bulletins per the normal Microsoft patch cycle brings with it an updated version of the Malicious Software Removal Tool (MSRT).

With the Malicious Software Removal Tool, the software giant is offering Windows users a specialized security tool designed to hunt down specific threats as opposite to all malicious code.

Month after month, the Redmond company adds more items to the list of malware that MSRT is capable of identifying and removing.

In June 2011, Microsoft decided it was time to tackle three worm families with rising infection rates, namely Win32/Rorpian, Win32/Yimfoca and Win32/Nuqel.

“One of these three is Win32/Nuqel, which has been around for four years since its first variant was found. More than 60 variants of Win32/Nuqel have been identified in the wild,” revealed Shawn Wang & Scott Wu, MMPC.

“This worm spreads itself via network shares, removable drives and instant messenger programs. These combined spreading methods make it very efficient in propagating, and it has gained prevalence lately.”

In addition to abusing the Autorun functionality in Windows in order to spread from one machine to another, Nuqel is also capable of infecting additional computers by copying itself to folders on network shares.

The worm is capable of masquerading as an unsuspecting folder, with such labels as New Folder or Pictures. Victims that click on such a folder actually activate the worm, the software giant informed.

“The other two threat families added to MSRT detection for June 2011 are Win32/Yimfoca and Win32/Rorpian, both of which are also high-profile worms with several payloads and are also gaining prevalence these days,” Wang added.

“We believe MSRT will put a dent in these threats, and as always, we recommend that users install real-time protection with a full antivirus solution such as Microsoft Security Essentials.”

The Malicious Software Removal Tool (MSRT) is available for download here.

Hot right now  ·  Latest news