Autorun Worm Invades Zip

Autorun Worm Invades ZIP

6:15 pm (UTC-7) | by Alice Decker (Advanced Threats Researcher)

Stealth techniques used by malware are considered a core characteristic that has been developed, improved, redesigned, and reused. Michael Tants, Threat Researcher at Regional TrendLabs in Europe, has notified us of a worm that has a unique way of hiding: on infection, WORM_AUTORUN.JFZ writes a copy of itself in every ZIP-compressed file it finds on a system.

When WORM_AUTORUN.JFZ places a copy of itself in an archive, it uses a double extension, adding .GIF and .SCR.

The .GIF extension is used as its social engineering factor. Curious users who still have their default configurations set in Windows Explorer (where the extension of known file types is hidden) may have an unpleasant experience once they double-click on the purported image file. The .SCR extension, on the other hand, makes it an executable file.

TrendLabs for more detail & screenshot -

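A defender-side check for the hiding technique described in the post above, as an added example that is not part of the original post or of the TrendLabs analysis: it lists ZIP members whose last extension is executable and flags those that sit behind a harmless-looking one such as `.gif.scr`. Only `.gif` and `.scr` come from the post; the other extensions in both sets, the function names and the sample archive are assumptions made for illustration.

```python
import io
import zipfile

# Assumption: extensions Windows runs directly; only .scr is named in the post.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
# Assumption: harmless-looking decoy extensions; only .gif is named in the post.
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".bmp", ".txt", ".doc", ".pdf"}


def classify_name(name):
    """Return 'double-extension', 'executable' or None for one member name."""
    # ZIP names use '/', but tolerate '\\' written by non-conforming tools.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces from file names, so normalise them.
    base = base.rstrip(". ").lower()
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_zip(source):
    """Return [(member_name, verdict)] for a ZIP given as a path or file object."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_name(info.filename)
            if verdict:
                findings.append((info.filename, verdict))
    return findings


def build_sample_zip():
    """Constructed sample archive holding placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.txt", b"quarterly numbers")
        zf.writestr("photos/beach.gif", b"GIF89a placeholder")
        zf.writestr("photos/holiday.gif.scr", b"placeholder, not code")
        zf.writestr("tools/saver.SCR", b"placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample_zip()):
        print(f"{verdict:17} {member}")
```

The check looks at member names only, so it reports where such a file sits inside an archive without extracting or opening it.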

