"Obama Worm" Decoded and Killed by AVG and Avast!

Adware - Spyware : "Obama Worm" Decoded and Killed by AVG and Avast!

Posted by Max on 2009/2/2 13:26:54 (814 reads)

Internet security vendors were put on alert as news of a computer threat, dubbed "The Obama worm", spread across the industry earlier this week. The "Obama worm" was discovered on the network of a K-12 school and first reported by Walling Data, North America's top distributor of AVG Internet Security Products. Only on Mondays a semi-transparent image of the President's face pops up in the bottom right hand corner of infected computers. The threat is more of nuisance than a serious threat but can completely destroy a machine's ability to function.

Until Friday January 30th, no security vendors detected the worm.

"We were able to confirm via internal testing and virustotal.com that the 'Obama Worm' is now detected by AVG Internet Security products, as well as avast! Security products," said Luke Walling, Founder and President of Walling Data. "AVG is identifying the threat as Generic_c.ADYY, avast! identifies it as Win32:Rootkit-gen."

Walling Data revealed what it knows about the "Obama worm" so far and what has been submitted to all security vendors.

1.The threat appears to have been introduced to the school's network via the use of a USB flash drive or possibly from e-mail.
2.The Obama worm replicates via USB storage devices and network shares.
3.The worm's behavior indicates that it is more of a nuisance than a threat to sensitive data as there are changes to exe/bat/vbs shell extensions (i.e. breaking exe files) and it replicates to a large number of folders on the local computer.
4.On Mondays only, it will depict President Obama's face in the lower right corner.

The threat is unlikely to remain isolated, as it can be easily spread through the use of external devices, like USB flash drives. Schools and small businesses are especially susceptible because they often allow the use of such devices broadly.

About Walling Data:
Walling Data represents a group of divisions that offer technology distribution and support services throughout North America, traditional break/fix repair services from its two office locations in Catawba and Iredell Counties in North Carolina, as well as Virtual IT department outsourcing via its Guaranteed IT managed services program. Learn more at www.wallingdata.com and www.avgantivirus.com .

Previous article - Next article

Other articles
2009/11/3 14:55:39 - BitDefender Top Ten Malware Threats for October 09
2009/11/3 14:29:38 - Nov. 09 Microsoft Security Intelligence Report
2009/10/7 15:19:17 - StopSign AntiVirus and Anti-Malware is Windows 7 Compatible
2009/10/7 15:11:26 - New Outlook Backup and Migration Software By Disk Doctors
2009/9/30 4:20:57 - Microsoft Security Essentials, FREE Security Tool Just Released
2009/9/28 14:31:52 - New Rogue Antispyware Cloaked To Infects Computers
2009/9/9 4:31:49 - Trend Micro Proves Leadership in URL Filtering and Web Security
2009/9/9 4:16:20 - New Free Tool to Clean Conficker Once and For All
2009/9/1 8:37:11 - Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010 Out Now
2009/9/1 7:54:50 - NEW P2P Advertising Network Protects Users Against Lawsuits And Identity Theft

The comments are owned by the poster. We aren't responsible for their content.