Browser vendors will probably not force us to make any critical updates

Sep 24, 2011 07:47 GMT

A worm has been discovered that, once unleashed, takes over your DHCP and DNS servers and sends your requests to locations that host more malware.

Identified by the name of Worm.Rorpian.E, the foe immediately seizes the DNS and DHCP servers. Because these are some of the most important services that control internet connections, the worm can make sure you are redirected to a single place, no matter what URL you type in the address bar of your browser.

Malware City informs us that the malicious destination looks like an error page that alerts “Your browser is no longer supported. Please upgrade to a modern software.”

Anyone might be tempted to believe this message and click on the “Browser update” button at the bottom of the screen because every single request takes you to the same site.

If the update button is clicked, the device will be infected even further, acting as a DHCP server for the entire network of computers. To make everything more credible, the worm downloads a file called upbrowsers[date].exe, where the date is a variable that always matches the current date.

Once executed, the infection spreads even further, installing a TDSS rootkit that does even more damage to your device and your network. Just imagine the damage that it could cause to a company's structure.

Worm.Rorpian.E uses several methods to infect all the machines in its range. It exploits some critical vulnerabilities and shared elements to spread the “disease” throughout the entire grid.
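The two network symptoms described above, a machine that starts acting as a DHCP server and every URL leading to the same site, can be checked from data a monitoring sensor already collects. The sketch below is an added example, not code from this article or from Malware City; the record layouts, the allow-lists and all addresses are constructed assumptions.

```python
from collections import defaultdict

# Assumed site allow-lists (constructed values).
AUTHORIZED_DHCP = {"10.0.0.1"}
AUTHORIZED_DNS = {"10.0.0.53"}

# Constructed sample data: observed DHCP offers and DNS answers.
OFFERS = [
    {"server": "10.0.0.1", "client_mac": "00:00:5e:00:53:01", "dns": ["10.0.0.53"]},
    {"server": "10.0.0.77", "client_mac": "00:00:5e:00:53:02", "dns": ["198.51.100.9"]},
]
ANSWERS = [  # (resolver, queried name, returned address)
    ("10.0.0.53", "example.com", "192.0.2.10"),
    ("10.0.0.53", "example.org", "192.0.2.20"),
    ("10.0.0.53", "example.net", "192.0.2.30"),
    ("198.51.100.9", "example.com", "203.0.113.5"),
    ("198.51.100.9", "example.org", "203.0.113.5"),
    ("198.51.100.9", "example.net", "203.0.113.5"),
]

def rogue_dhcp_offers(offers):
    """Return offers from an unapproved DHCP server or advertising an unapproved resolver."""
    findings = []
    for o in offers:
        reasons = []
        if o["server"] not in AUTHORIZED_DHCP:
            reasons.append("unauthorized DHCP server")
        bad_dns = sorted(set(o["dns"]) - AUTHORIZED_DNS)
        if bad_dns:
            reasons.append("unapproved DNS " + ",".join(bad_dns))
        if reasons:
            findings.append((o["server"], o["client_mac"], reasons))
    return findings

def catch_all_resolvers(answers, min_names=3):
    """Flag resolvers that return one single address for several different names."""
    seen = defaultdict(lambda: defaultdict(set))  # resolver -> address -> names
    for resolver, name, ip in answers:
        seen[resolver][ip].add(name)
    flagged = {}
    for resolver, by_ip in seen.items():
        if len(by_ip) == 1:  # every answer from this resolver was the same address
            ip, names = next(iter(by_ip.items()))
            if len(names) >= min_names:
                flagged[resolver] = ip
    return flagged

if __name__ == "__main__":
    print(rogue_dhcp_offers(OFFERS))
    print(catch_all_resolvers(ANSWERS))
```

A host flagged by the first check is a candidate for isolation and cleaning; clients that accepted its offers need their leases renewed from the legitimate server afterwards.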

Many people have recently heard about the newly emerged SSL issues that need to be patched in each browser, which is why the “Browser update” is so tempting. If we think about it a bit, though, major vendors will most likely not make the upgrade process so brutal and blunt.

If you find your computer infected with Rorpian, you can always install the TDSS/TDL4 rootkit removal tool, which will get rid of the pesky contamination.

The TDSS/TDL4 rootkit removal tool is available for download here