Tuesday, March 16, 2010


The Brontok virus originated in Indonesia. It arrived as an e-mail attachment named kangen.exe (the word "kangen" itself means "miss you so much"). When Brontok is first run, it copies itself to the user's application data directory. It then sets itself to start with Windows by creating a registry entry under the HKLM\Software\Microsoft\Windows\CurrentVersion\Run key. It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings. It removes the "Folder Options" entry from the Tools menu so that the hidden files in which it hides are not easily accessible to the user. It also turns off the Windows firewall. In some variants, when a window whose title contains certain strings (such as "application data") is opened, the computer reboots. User frustration also comes up when an address typed into Windows Explorer is blanked out before it can be completed. Using its own mailing engine, it automatically sends itself to the e-mail addresses it finds on the computer, even spoofing the user's own e-mail address as the sender. The computer also restarts when the user tries to open a DOS window (Command Prompt), and the worm prevents the user from downloading files. It also pops up the default web browser and loads an HTML page that it places in the "My Pictures" folder (or "Pictures" on Windows Vista). It creates .exe files in folders, often named after the folder itself (..\documents\documents.exe); this also includes all mapped network drives. As for removal, Brontok can be eradicated by most current anti-virus solutions, and various standalone removal tools are also available.
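Two of the traces described above (a Run-key value launching from the user's application data directory, and a folder-named .exe file such as documents\documents.exe) can be checked for from a defender's side. The script below is an added example, not code from the original post; the sample directory tree and the Run-key values are constructed, and the value name "Updater" and file name "sample.exe" are assumptions, not Brontok's real names.

```python
import os
import tempfile
from pathlib import Path

# Constructed per-user application data paths (assumed, not from the post).
APPDATA_DIRS = [
    r"C:\Documents and Settings\user\Application Data",
    r"C:\Users\user\AppData",
]

# Constructed Run-key contents as name -> command, as they would be read
# from HKLM\...\CurrentVersion\Run. The "Updater" entry is a made-up suspect.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Program Files\OneDrive\OneDrive.exe" /background',
    "Updater": r'"C:\Documents and Settings\user\Application Data\sample.exe"',
}


def find_folder_named_executables(root):
    """Return paths of files named <folder>.exe that sit inside a folder
    of the same name, the pattern the post describes (documents\\documents.exe)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = os.path.basename(dirpath).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".exe" and stem.lower() == folder:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def suspicious_run_entries(run_values, appdata_dirs):
    """Flag Run-key values whose command starts under an application data
    directory, where Brontok copies itself before adding its Run entry."""
    flagged = {}
    for name, command in run_values.items():
        cmd = command.strip().lstrip('"').lower()
        if any(cmd.startswith(d.lower()) for d in appdata_dirs):
            flagged[name] = command
    return flagged


def build_sample_tree():
    """Create a constructed directory tree with one folder-named .exe."""
    root = tempfile.mkdtemp(prefix="brontok_demo_")
    docs = Path(root, "documents")
    docs.mkdir()
    (docs / "documents.exe").write_bytes(b"MZ placeholder, not a real binary")
    (docs / "report.doc").write_bytes(b"plain document")
    Path(root, "pictures").mkdir()
    return root


if __name__ == "__main__":
    print(find_folder_named_executables(build_sample_tree()))
    print(suspicious_run_entries(SAMPLE_RUN_VALUES, APPDATA_DIRS))
```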
