Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Cheburgen.a worm distributed in e-mail attachment.

MicroWorld Technologies : 30 May, 2007  (Technical Article)
E-mail users reminded to apply caution when opening e-mail attachment as latest worm continues the trend for embedding malicious code in attached files.
'Here is your documents', 'Mail Delivery System', 'Mail Transaction Failed' or 'Re: Thank you for delivery'. If you chance upon a new mail in your mailbox with any of these lines in its subject field, carrying an attachment, apply caution! It's a new Worm named Cheburgen.a and the email mode of proliferation is just one of many ways in which it can wriggle into computers, say experts at MicroWorld Technologies.

The Worm is written in VC++ language. The name of the attachment is randomly picked from a list that contains words like Data, Body, Doc and Text. The file extension again is a random choice from bat, cmd, exe, scr, pif and zip. The malware comes with its own SMTP engine and sends copies to email addresses harvested from the Windows Address Book of the compromised computer. It modifies the Windows HOSTS files to stop computers from accessing websites of some security companies.

"Cheburgen is also distributed by other Trojans as well as using Drive-by-Download route when someone visits a malicious website," says Manoj Mansukhani, Head - Technology and Marketing, MicroWorld Technologies. "As if that's not trouble enough, it scans other PCs in the network and drops the malware in shared folders. And finally, the Worm is also found to be spreading by exploiting the 'LSASS vulnerability' in Windows."

The Malware displays its Backdoor capabilities when it opens certain ports, connects to IRC channels and takes orders from the remote attacker. The attacker can direct the malware to download and execute files from the Internet by working though this Backdoor component.

"This one has taken the term 'Blended Threat' real far that it adopts something or the other from a variety of malware breeds," points out Govind Rammurthy, CEO of MicroWorld Technologies.

"People behind this malicious program simply believe that the more is merrier and tries to fire on as many cylinders as possible in their attempt to proliferate it. If you want to protect your computers against a threat like this, it is imperative that you rely on a Security Software that checks all the modes of its spreading routine," he adds.

eScan, the Antivirus, AntiSpam and Content Security software from MicroWorld Technologies, stops Virus and other malware from getting into computers through multiple channels. It ensures that Information Systems are protected against Viruses, Network Worms, Trojan Variants, Backdoors, Rootkits, Bots, Keyloggers, Porn Dialers, Phishing malware and more.

Non-users of eScan can download and run MicroWorld's free AntiVirus utility 'MWAV' to clean their computers, if they suspect the presence of Cheburgen.a in their computers. MWAV can be downloaded from the MicroWorld web site..

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo