New worm in the wild

Dec 11, 2007 10:02 GMT

It's been a while since we last saw such a powerful worm, although its overall risk rating was set to low. Security company Trend Micro wrote in the WORM_VB.GOZ security advisory that this new threat affected the majority of Windows versions, including 98, ME, NT, 2000, XP and Server 2003. But as the title says, the worm has a high distribution potential and a medium damage potential, which underlines the dangers raised by the threat. WORM_VB.GOZ can be easily deployed on a computer because it may be downloaded from a malicious page without the user's approval, or it can be dropped by other infections.

"This worm may arrive bundled with other malware as a malware component. It may also be downloaded unknowingly by a user when visiting malicious Web sites", Trend Micro wrote in the security advisory rolled out today.

After the worm arrives on a computer and is executed, it displays an obviously fake error message telling the user that an executable file is broken and cannot be started. This is the moment when the entire infection process starts. "It then drops a copy of itself and creates a registry entry to enable its automatic execution at every system startup."

Just like any other recent worm, WORM_VB.GOZ attempts to infect every new removable device connected to the computer, and spreads once the device is connected to a clean PC.

"This worm hides every folder in the root folder of both physical and removable devices of the affected system. It then drops a copy of itself using the folder names as the file names of its dropped copies. It also uses the folder icon to fool the user into thinking that it is a non-malicious file", Trend Micro added in the notification.
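The disguise described above (hidden folders in a drive root, each paired with a same-named executable) leaves a pattern that can be checked for. The following is an added example, not code from the original article or from Trend Micro; the extension list, the `Entry` type and the function names are assumptions, and the sample listing is constructed.

```python
import os
from typing import NamedTuple

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows "hidden" file attribute bit
# Assumption: the advisory text quoted here does not name the dropped file's extension.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}

class Entry(NamedTuple):
    name: str
    is_dir: bool
    hidden: bool

def list_root(root):
    """Read a drive root; the hidden flag is only populated on Windows."""
    entries = []
    with os.scandir(root) as it:
        for e in it:
            attrs = getattr(e.stat(follow_symlinks=False), "st_file_attributes", 0)
            entries.append(Entry(e.name, e.is_dir(follow_symlinks=False),
                                 bool(attrs & FILE_ATTRIBUTE_HIDDEN)))
    return entries

def find_folder_masquerades(entries):
    """Return sorted (file, folder) pairs: an executable named after a hidden folder."""
    hidden_dirs = {e.name.lower(): e.name for e in entries if e.is_dir and e.hidden}
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        base, ext = os.path.splitext(e.name)
        # Windows names are case-insensitive, so compare lowercased.
        if ext.lower() in EXECUTABLE_EXTS and base.lower() in hidden_dirs:
            hits.append((e.name, hidden_dirs[base.lower()]))
    return sorted(hits)

# Constructed sample listing of a removable drive root (not real data).
SAMPLE_ROOT = [
    Entry("Photos", True, True), Entry("Photos.exe", False, False),
    Entry("Work Docs", True, True), Entry("work docs.EXE", False, False),
    Entry("Tools", True, False), Entry("Tools.exe", False, False),  # folder visible
    Entry("System Volume Information", True, True),  # hidden, no look-alike file
    Entry("setup.exe", False, False),                # no matching folder
]

if __name__ == "__main__":
    for file_name, folder in find_folder_masquerades(SAMPLE_ROOT):
        print(f"suspicious: {file_name!r} imitates hidden folder {folder!r}")
```

On a Windows host, `find_folder_masquerades(list_root("E:\\"))` applies the same check to a live drive root; a hit is a lead for further inspection, not proof of infection.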