This family of malware is known as the Phopifas family. It is another family of worms that has done major damage in the past: last year alone, Phopifas!gen1 was responsible for 2.5 million infections. It was a widespread piece of malware at the time, and its growth began with the rise of Skype. Although it is less well known today, vendors such as Symantec and Bitdefender now rate this threat as Low Level Risk, because the malware is no longer widely spread and has already been identified.
Origin
This malware was first seen spreading through a Skype link accompanied by a message along the lines of "Where did you get this picture?", "Is this picture really of you?", or even "I can't believe you would do that." These messages bait the user into clicking the link to see the image; unfortunately, the user does not know they are headed to a malicious site. The malware has also been spread through many other social networks, including Facebook. On the download page the user downloads the "image" as a ZIP file, which strikes many people as odd, but they continue anyway. The malware is inside that folder and is apparently the second downloaded item.
Effects
This malware has in some cases carried other forms of malware, such as trojans. However, since the worm has been reused by many different people, it is hard to tell exactly what type of malware was being spread in each case. The purpose of the worm is to spread itself to other users through the same social media source it arrived from: once one person gets the worm, their Skype account sends out the same message they received, spreading the malware even further. The additional malware in the ZIP file has mostly been trojans, although some cases have been reported to contain viruses, rootkits, and others. As with any worm, avoid using USB drives or connecting the infected machine to your network, or there is a risk that the malware will spread to other users on the same network.
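The lure described above is a ZIP that is supposed to hold a picture but actually carries an executable as a second member. The following triage script is an added example, not code from the original post; it builds a constructed sample archive (the member names and the harmless "MZ" stub are assumptions) and flags members that carry an executable extension, start with a PE header, or claim an image extension without image content.

```python
import io
import zipfile

# Constructed sample, not a real Phopifas archive: a "picture" ZIP carrying a second
# member that is an executable. The member holds only an 'MZ' stub, so it cannot run.
def build_sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)   # real JPEG magic
        zf.writestr("photo_2.jpg.exe", b"MZ" + b"\x00" * 62)           # PE stub only
    return buf.getvalue()

EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG", b"GIF8")

def suspicious_members(zip_bytes: bytes) -> list[dict]:
    """Return ZIP members that look executable or that mislabel their content."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            with zf.open(info) as fh:      # read only the first bytes, never execute
                head = fh.read(4)
            reasons = []
            if name.endswith(EXEC_SUFFIXES):
                reasons.append("executable extension")
            if head.startswith(b"MZ"):
                reasons.append("PE (MZ) header")
            if name.endswith(IMAGE_SUFFIXES) and not head.startswith(IMAGE_MAGIC):
                reasons.append("image extension but non-image content")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in suspicious_members(build_sample_zip()):
        print(finding["name"], "->", ", ".join(finding["reasons"]))
```

Run it against any downloaded archive by passing the file's bytes to suspicious_members before anything inside is opened.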
Removal
The removal process is quite simple: delete the ZIP file you downloaded and run one of the secondary scanners listed below. After that I recommend changing your Skype password, because it might have been compromised during the infection. If your antivirus is not detecting or removing the malware, try booting into Safe Mode and deleting the file from there to wipe it out for good.
Protection
As always, have some sort of antivirus and firewall installed on your computer and make sure they are updated daily. Even with these installed, do not click on any suspicious links you come across on Skype or Facebook. If the malware is new and the vendor does not yet have it in their signature database, the antivirus program can't help you. So just because your system is protected, don't be daring and try to download the file.
Secondary Malware Scanners
HitmanPro: http://www.surfright.nl/en/hitmanpro/
Panda Active Scan: http://www.pandasecurity.com/homeusers/solutions/activescan/
Malwarebytes: http://www.malwarebytes.org/
Super AntiSpyware: http://www.superantispyware.com/
Bitdefender Quick Scan: http://quickscan.bitdefender.com/
Norton Power Eraser: http://security.symantec.com/nbrt/npe.aspx