Worm Leverages Names of Indian Celebrities and Popular Games to Spread

McAfee researchers have analyzed this piece of malware

  Worm spreading mechanism
Security experts from McAfee have come across a worm, W32/Autorun.g, which is designed to spread via two methods: USB sticks and network shares, or instant messaging platforms.

Security experts from McAfee have come across a worm, W32/Autorun.g, which is designed to spread via two methods: USB sticks and network shares, or instant messaging platforms.

When the malware infects a computer, it drops a file called setting.ini into the Windows system folder. This .ini file contains a list of URLs that point to a remote server where copies of the worm are hosted.

These URLs are sent via instant messaging applications to the victim’s contacts. In order to ensure that other users become infected, the messages containing the URLs advertise things such as “Aishwarya Rai videos,” “stream Video of Nayanthara and Simbu,” “Nfs carbon download,” “free mobile games,” and “cyber cafe scandal visit.”

Once it’s downloaded and executed, the malware attempts to download other files and it terminates various processes, including “Registry,” “System Configuration,” “Windows mask,” and “FireLion.”

Judging by the messages it uses to spread, experts believe that the worm is designed to target Indian internauts.

Comments