Saturday, March 20, 2010

Some Variants of the Brontok worm

Some variants of the Rontokbro / Brontok worm cause the system to reboot when certain strings appear in task windows. For instance, if "EXE" shows in the title of a window, the worm will cause the system to shutdown and restart. Sometimes, the worm will pause the system during bootup and display a message in a similar fashion to much older DOS viruses. F-Secure includes a screenshot in their Brontok.N write-up.

Rontokbro / Brontok may also launch Ping attacks which, depending on the number of infected systems at any given time, could result as a Distributed Denial of Service (DDoS) attack.

Because the worm prevents access to the Registry Editor and other diagnostic device, and prevents access to anti-virus software, removing a Rontokbro / Brontok infection can be tricky.

No comments:

Post a Comment