14 DAY TRIAL // Earlier this day, security company Trend Micro has published an advisory concerning a malicious JavaScript that attempts to open Internet Explorer in order to download additional infections on an affected computer. Now, another Microsoft Windows component is affected by a pretty dangerous infection: Windows Task Scheduler. According to a report signed by the same security company, WORM_SOHANAD.FM affects Windows 98, ME, NT, 2000, XP and Server 2003 and has a low overall risk rating. However, its damage potential is medium, while the distribution potential has the same risk rating. I guess we've all understood that this worm is pretty dangerous for a vulnerable computer.
Now, let's get to some serious matters. It seems like WORM_SOHANAD.FM can reach your computer once you visit a malicious website equipped with the infection. In addition, it may be dropped by another malware already installed on your computer. Moreover, it attempts to use the Windows Task Scheduler to be sure it is executed at a later time.
"It then uses the Windows Task Scheduler to create a scheduled task that executes the dropped copy. This worm also creates a registry entry to enable its automatic execution at every system startup", Trend Micro noted in the notification.
Task Manager may become unavailable as the worm creates new registry entries to disable this Windows function. "This worm drops copies of itself in all physical and removable drives. It also drops an AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed", the security company continued.
Just like any other recent worm, it tries to connect to the web in order to download and deploy additional infections on an affected computer, but the URLs are unavailable according to Trend Micro. So, don't forget to update your antivirus solution and avoid using suspicious pages that may drop the infection on your computer.