
Spybot worm spreads via direct P2P file sharing

22 February 2010

Researchers have identified Spybot.AKB, a worm that spreads across P2P networks and email systems.

The worm, uncovered by companies including Panda Security, tricks users by appearing as a social network invitation or a response on a Google job application. Once installed, it directs results from searches on keywords such as ‘hotel’, ‘weather’, or ‘airlines’ to pages that can contain malware.

Spybot.AKB spreads itself via email messages or direct peer-to-peer file sharing connections. One email purports to be a Twitter invitation from another user, containing a file that users must supposedly run to join the service. In the P2P infection route, the worm copies itself and renames the copy with the filename of a popular application, such as VMware or Norton Anti-Virus.

The worm installs itself as a Firefox extension. When the user chooses the Disable or Uninstall option, the extension is disabled or uninstalled, but the file that has installed it remains memory resident.

Spybot.AKB is also self-protecting. It will “take a series of actions to compromise the security level of infected computers, adding itself to Windows firewall list of authorized applications, and disabling the Windows error reporting service and the user access control,” according to Panda Labs. The anti-malware vendor said that the worm also disables the User Access Control feature found in Windows Vista and Windows 7.
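The three settings named above can be audited on a host with a short script. The following is an added example, not code from the article or from Panda Labs: it assumes Windows 8 / Server 2012 or later (for the NetSecurity cmdlets) and an elevated session, and the registry paths, the `WerSvc` service name and the "suspicious path or bad signature" heuristic are this example's choices rather than indicators published for Spybot.AKB.

```powershell
# Added example: audit the settings the article says the worm tampers with.
# Assumes Windows 8 / Server 2012+ and an elevated PowerShell session.
$findings = New-Object System.Collections.Generic.List[string]

# 1. User Account Control: EnableLUA = 0 means UAC has been switched off.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue
if ($uac -and $uac.EnableLUA -eq 0) {
    $findings.Add('UAC is disabled (EnableLUA = 0)')
}

# 2. Windows Error Reporting: service start mode and the registry switch.
$wer = Get-CimInstance -ClassName Win32_Service -Filter "Name='WerSvc'"
if ($wer -and $wer.StartMode -eq 'Disabled') {
    $findings.Add('Windows Error Reporting service (WerSvc) is set to Disabled')
}
$werKey = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting'
$werReg = Get-ItemProperty -Path $werKey -Name Disabled -ErrorAction SilentlyContinue
if ($werReg -and $werReg.Disabled -eq 1) {
    $findings.Add('Windows Error Reporting is disabled in the registry')
}

# 3. Firewall authorized applications: review inbound allow rules whose
#    program lives in a user-writable location, is missing, or is not
#    validly signed. This is a triage heuristic, not a malware verdict.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
foreach ($rule in $rules) {
    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    if (-not $program -or $program -in 'Any', 'System') { continue }

    $path = [Environment]::ExpandEnvironmentVariables($program)
    $reasons = @()
    if ($path -match '\\(Users|ProgramData|Temp)\\') {
        $reasons += 'user-writable path'
    }
    if (-not (Test-Path -LiteralPath $path)) {
        $reasons += 'binary missing'
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
    }
    if ($reasons) {
        $findings.Add("Firewall allow rule '$($rule.DisplayName)' -> $path ($($reasons -join ', '))")
    }
}

# Emit one line per finding; no output means none of the checks fired.
$findings
```

Legitimate software can trip the firewall check, so treat its output as a review list and compare it against a known-good baseline for the machine.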

 
