
23 April 2007

Ymeak Worm Masquerades as Installer Executable

When it is first run, the worm displays a message ('The setup file is corrupted') to lull the user into a false sense of security. It then proceeds to download and install the RBot trojan. This done, the trojan begins to spread itself from the victim's computer under a new name, using any of five file-sharing networks (Limewire, Shareaza, Bearshare, Morpheus or Morpheus Ultra) as a vector.

"The bit of evil genius here is that the name for each new copy of the worm is chosen at random from certain torrent and direct download sites," declared Viorel Canja, head of the Antivirus Lab for BitDefender. "This way, the worm will always have an attractive name, so people will attempt to download and run it."

BitDefender users are not at risk and should let BitDefender antivirus disinfect the infected files (if any are found). A full technical description can be found here: http://www.bitdefender.com/VIRUS-1000079-en--Win32.Worm.VB.Ymeak.A.html