
Posts Tagged ‘worm’

W32/autorun.worm.aaeb-h Outbreak

Nov 28, 2012 1 comment

I don’t typically post on virus or malware outbreaks because it would consume too much of my time and they are simply too frequently created. For the most part, if you run your network and systems with the concepts of defense in depth and principle of least access, you should be fine. And as long as you are not running as the local administrator of your workstation you should also be fine… But every once in a while a piece of malware becomes noteworthy…

In this case, W32/autorun.worm.aaeb-h infects both removable media and network shares by copying itself to those locations. Once copied, it modifies the permissions so the executable is hidden. When used with removable media (think USB flash drives, or even MP3 players), it will modify the autorun.inf to auto-run the executable. It will also infect files with common file types such as audio (mp3, wmv, avi) and documents (doc, xls, pdf).

The presence of the following file names will indicate you might have this worm:

  • Secret.exe
  • Sexy.exe
  • Pron.exe
  • Password.exe
  • x.mpeg
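As an added example (not part of the original post or of any vendor tooling), the following Python script walks a removable drive or share, flags the file names listed above, and reports any program an autorun.inf would launch. The function names and the sample tree are constructed for illustration; `open` and `shellexecute` are the standard autorun.inf launch keys.

```python
import os
import tempfile

# File names the post lists as indicators of W32/autorun.worm.aaeb-h.
INDICATOR_NAMES = {"secret.exe", "sexy.exe", "pron.exe", "password.exe", "x.mpeg"}
# autorun.inf keys that launch a program when the media is opened.
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_targets(path):
    """Return the programs an autorun.inf would launch (open=/shellexecute=)."""
    targets = []
    with open(path, "r", encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() in LAUNCH_KEYS and value.strip():
                targets.append(value.strip())
    return targets


def scan(root):
    """Walk root and return sorted (kind, path, detail) findings.

    os.walk also returns files marked hidden, so hiding the copy does not
    keep it out of the results.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered in INDICATOR_NAMES:
                findings.append(("indicator-name", full, name))
            elif lowered == "autorun.inf":
                for target in autorun_targets(full):
                    findings.append(("autorun-launch", full, target))
    return sorted(findings)


def demo():
    """Build a constructed sample tree (empty placeholder files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "music"))
        for rel in ("SECRET.EXE", os.path.join("music", "x.mpeg"), "notes.txt"):
            open(os.path.join(root, rel), "w").close()
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nOpen = SECRET.EXE\nicon=drive.ico\n")
        return [(kind, os.path.relpath(path, root), detail)
                for kind, path, detail in scan(root)]
```

To check real media, call `scan()` with the drive letter or share path. A name match is only a lead for follow-up with your anti-malware scanner, not a verdict.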

Defense:

  • Disable autorun feature
  • Prevent the use of USB media for mission-critical servers
  • Ensure scanning is enabled for removable media

Mitigation:

For more information on McAfee product coverage and mitigation for this threat, see PD24169 – Threat Advisory: W32/Autorun.worm.aaeb


Conficker Worm (updated) information you can use

Apr 8, 2009 1 comment

Purpose

There has been a lot of media hype over the last couple of days regarding a worm called Conficker which is supposedly going to create mass havoc on April 1. We have received several calls from concerned clients regarding this and I wanted to provide an authoritative source of information for you, our valued clients. I have been disturbed by the way the national media has reported on this worm, as they provided background information but did not answer your basic question… what do I do now?

Background

The Conficker worm has been infecting computers since 2008 and has been silently operating on many computers across the globe. It is part of a widely known series of threats known as BOTNETs, which can effectively turn infected computers into “BOTs” to perform the desired tasks of the maker, such as sending spam or hacking activity. More information on Conficker and BOTNETs can be found below. Read more…

Conficker Worm – information you can use

Apr 1, 2009 2 comments

Purpose

There has been a lot of media hype over the last couple of days regarding a worm called Conficker which is supposedly going to create mass havoc on April 1. We have received several calls from concerned clients regarding this and I wanted to provide an authoritative source of information for you, our valued clients. I have been disturbed by the way the national media has reported on this worm, as they provided background information but did not answer your basic question… what do I do now?

Background

The Conficker worm has been infecting computers since 2008 and has been silently operating on many computers across the globe. It is part of a widely known series of threats known as BOTNETs, which can effectively turn infected computers into “BOTs” to perform the desired tasks of the maker, such as sending spam or hacking activity. More information on Conficker and BOTNETs can be found below. Read more…