Advertisment

Malicious spyware on the prowl

author-image
CIOL Bureau
Updated On
New Update



NEW DELHI: Trend Micro, Inc., provider of network antivirus and Internet content security software and services, has issued a medium risk alert for WORM_WURMARK.J, a memory-resident worm, which has been seen spreading by email throughout Asia and Europe. Upon execution, it drops a copy of itself in the Windows system folder using a random file name.






According to the press release, it also drops a randomly named (Dynamic Link Library) DLL file in the Windows system folder, which is a component of an IESpy, a Spyware program. This is the first time a worm has been identified, containing a commercial spyware program, the release states.





WORM_WURMARK.J has a separate keylogging capability built into the malware. It saves the logs typed by the user in a dropped random DLL file; WURMARK also collects any information entered into new text files. On execution, WURMARK drops several zip files in the Windows system folder as email attachments.





The subject of the email varies, using a number of words such as "details", "girls" "music" and "readme". Using basic social engineering methods, it entices users to open the .zip files with names like "love.zip", "image.zip" and "screensaver.zip". The message body however is blank.








 

tech-news