A new strain of the Changeup family of malware was detected and categorized by Symantec today. This malware is quite strange because it is a low-level worm. Generally, when someone writes a worm it is meant to be very difficult to remove; however, Symantec marks it as a low-level threat. Let's explore this family of malware and explain what it is meant to do to your computer.
Possible Infection Routes
You will generally contract a worm by downloading some sort of unsafe program. However, worms are also commonly shared by USB drives: the USB drive was infected by downloading the unsafe program, and either the worm replicated itself onto the drive or it was installed onto it. Since it is a worm, we also know that it was possibly spread through the network from another infected machine. This is one of the reasons any network manager or IT professional hates to deal with worms.
Effects
This malware is very similar in its effects to any other worm. It sets itself to autorun so that it always runs when the computer starts up. This is so common with malware that it is almost not worth mentioning. The worm is meant for two main things. The first is to spread to other users through any means necessary. The second is to download more malware onto the computer. This malware is generally trojans that steal information from your computer. Now think about this: the worm spreads to as many computers as it can, then tries to download trojans and more malware onto each of them. This technique is meant to steal as much information (credit card, banking, etc.) as possible so the author can make money. There is also a thought that these worms are part of an affiliate scheme in which the author says, "if you pay me (insert dollar amount here), then I will get this many downloads."
Removal
Scan your computer with any of the secondary scanners at the bottom of this post. You should also check anyone else who was on your network, and any flash drive you used. While you might get malware from the flash drive, your antivirus product will detect it if it was already updated. If you feel your computer does have the malware, disconnect yourself from the internet after you have downloaded a scanner. The reason for this is that you want to reduce any chance of getting the malware onto another computer or of making removal that much more difficult.
Protection
Don't download any program unless you can prove that it is safe or that it comes from a trusted partner of the owners. For instance, I could download Microsoft Word, but if I got it from some random site, then even though the product itself is safe, they might have added malware to that package. You should also keep an updated antivirus product on your computer to protect it in case you do run into the malware.
Secondary Scanners
HitmanPro: http://www.surfright.nl/en/hitmanpro/
Panda Active Scan: http://www.pandasecurity.com/homeusers/solutions/activescan/
Malwarebytes: http://www.malwarebytes.org/
Super AntiSpyware: http://www.superantispyware.com/
Bitdefender Quick Scan: http://quickscan.bitdefender.com/
Norton Power Eraser: http://security.symantec.com/nbrt/npe.aspx