Tuesday, April 04, 2006

Microsoft: MSRT News on Alcan, Mywife.E

Via The Microsoft Anti-Malware Engineering Team blog:

Each month, the Malicious Software Removal Tool runs on approximately 250 million computers, mainly via Windows Update and Automatic Updates. In February's release of the tool, we added the ability to detect and remove a worm called Win32/Alcan. We believed that Alcan would be moderately prevalent based on data from Windows Live Safety Center and Windows Live OneCare but we were genuinely surprised once we sifted through the data from the February release. During the course of that month, the tool detected Alcan (and, specifically, Alcan.B) on just over 250 thousand unique machines, easily the top detection for the month. Compare this to the Win32/Mywife.E worm (aka CME-24), which we removed from approximately 40 thousand computers in February.

Alcan.B does not exploit any software vulnerabilities. Instead, it spreads through popular peer-to-peer applications and its prevalence is likely due to effective social engineering. Specifically, when sharing copies of itself over a P2P network, to name the copies, it contacts several websites to look for the names of recent, popular program cracks. Thus, the worm's name is always relatively up-to-date and attractive to those surfing these networks for cracks. Also, when the worm is run, instead of displaying nothing or popping up 50 browser windows, it displays what appears to be a setup wizard window, as displayed in our write-up. When the user clicks Next, an error message is displayed. Thus, the user is fooled into thinking that what he or she just ran was a buggy or incomplete program, not a worm.

More here.
