
On January 12, 2010, Bkis’ malware monitoring system discovered an email worm propagation campaign. This time, the hacker forges a Twitter invitation. If gullible users open the attached file, their computers will be infected with the worm.


Still, the familiar precautions work in this case. Be cautious when dealing with suspicious information from the Internet. Do not click on strange links or open unknown attachments, and in particular, keep your antivirus software updated to the latest version.

The latest version of Bkav detects the worm as W32.Hitwica.Worm.

According to our malware analysts, the worm also impersonates Hallmark and Hi5 to generate emails that carry the malware.

Below is the detailed analysis of the virus:

1. Copies a file named “nvscv32.exe” to the directory %SysDir%.

2. Writes the following value:

“NVIDIA Driver Helper Service1” = “%VRPath%”

to the key HKCU\....\Run so that the virus is activated automatically at Windows startup.

3. Writes to the key

HKLM\SYSTEM\ControlSet001\.....\StandardProfile\AuthorizedApplications\List

to bypass the firewall.

4. Sends emails with the virus file attached via the following mail servers:

mail.messaging.microsoft

smtp.freenet.am

mail1.freenet.am

mail.gmx.net

mail.lidskialf.net

smtp.styx.cabel.net

smtp.microset.ru

..............

5. The emails have the following content:

=============================

From     : invitations[at]twitter.com

Subject : Your friend invited you to twitter!

Body     :

"Twitter is a service for friends, family, and co-workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question:

What are you doing?

To join or to see who invited you, check the attachment."

============================

From     : invitations[at]hi5.com

Subject : Jessica would like to be your friend on hi5!

Body     :

"I set up a hi5 profile and I want to add you as a friend so we can share pictures and start building our network.

First see your invitation card I attached!

Once you join, you will have a chance to create a profile, share pictures, and find friends."

==========================

From     : e-cards[at]hallmark.com

Subject : You have received A Hallmark E-Card!

Body     :

"Hello!

You have recieved a Hallmark E-Card from your friend.

To see it, check the attachment.

There's something special about that E-Card feeling. We invite you to make a friend's day and send one.

Hope to see you soon,

Your friends at Hallmark"

Analyst: Nguyen Hoai Cong
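A mail-filter check for the three lures listed in step 5, as an added example that is not Bkis' or Bkav's own code: it flags a message only when the forged sender, the subject and the presence of an attachment all line up. The suffix match on the subject, the function names and the sample messages are assumptions made for this example.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Sender and subject of the three lures listed in the analysis above.
# Assumption: the subject is compared by suffix, so a hi5 lure that uses
# a first name other than "Jessica" still matches.
LURES = [
    ("invitations@twitter.com", "your friend invited you to twitter!"),
    ("invitations@hi5.com", "would like to be your friend on hi5!"),
    ("e-cards@hallmark.com", "you have received a hallmark e-card!"),
]


def match_lure(raw_message: bytes):
    """Return the forged sender if the message fits a lure, else None."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    # Collapse whitespace so folded or padded subjects compare equal.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    # Every lure tells the reader to check the attachment, so a message
    # without one is not treated as a match.
    has_attachment = next(msg.iter_attachments(), None) is not None
    for lure_sender, lure_subject in LURES:
        if (has_attachment and sender == lure_sender
                and subject.endswith(lure_subject)):
            return lure_sender
    return None


def build_sample(sender: str, subject: str, attach: bool) -> bytes:
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("To see it, check the attachment.")
    if attach:
        # Placeholder bytes and file name; the page does not name the file.
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="sample.bin")
    return m.as_bytes()


if __name__ == "__main__":
    hit = build_sample("invitations@twitter.com",
                       "Your friend invited you to twitter!", True)
    print(match_lure(hit))
```

Because the From header is forged by the worm, a match here is a reason to quarantine the message for inspection, not proof of infection.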

 
