"Obama Worm" Decoded and Killed by AVG and Avast!

Adware - Spyware : "Obama Worm" Decoded and Killed by AVG and Avast!

Posted by Max on 2009/2/2 13:26:54 (910 reads)

Internet security vendors were put on alert as news of a computer threat, dubbed "The Obama worm", spread across the industry earlier this week. The "Obama worm" was discovered on the network of a K-12 school and first reported by Walling Data, North America's top distributor of AVG Internet Security Products. Only on Mondays a semi-transparent image of the President's face pops up in the bottom right hand corner of infected computers. The threat is more of nuisance than a serious threat but can completely destroy a machine's ability to function.

Until Friday January 30th, no security vendors detected the worm.

"We were able to confirm via internal testing and virustotal.com that the 'Obama Worm' is now detected by AVG Internet Security products, as well as avast! Security products," said Luke Walling, Founder and President of Walling Data. "AVG is identifying the threat as Generic_c.ADYY, avast! identifies it as Win32:Rootkit-gen."

Walling Data revealed what it knows about the "Obama worm" so far and what has been submitted to all security vendors.

1.The threat appears to have been introduced to the school's network via the use of a USB flash drive or possibly from e-mail.
2.The Obama worm replicates via USB storage devices and network shares.
3.The worm's behavior indicates that it is more of a nuisance than a threat to sensitive data as there are changes to exe/bat/vbs shell extensions (i.e. breaking exe files) and it replicates to a large number of folders on the local computer.
4.On Mondays only, it will depict President Obama's face in the lower right corner.

The threat is unlikely to remain isolated, as it can be easily spread through the use of external devices, like USB flash drives. Schools and small businesses are especially susceptible because they often allow the use of such devices broadly.

About Walling Data:
Walling Data represents a group of divisions that offer technology distribution and support services throughout North America, traditional break/fix repair services from its two office locations in Catawba and Iredell Counties in North Carolina, as well as Virtual IT department outsourcing via its Guaranteed IT managed services program. Learn more at www.wallingdata.com and www.avgantivirus.com .

Previous article - Next article

Other articles
2010/2/3 7:32:43 - PC Login Now (Full version) Available Now For Free.
2010/2/3 7:11:57 - Mitto Named One of 20 Top Web Applications
2010/1/19 15:53:17 - OpenVAS, the New Open Source Vulnerability Scanner
2010/1/7 5:40:00 - Beware of Rogue Antispyware Named Eco AntiVirus. It's a FAKE
2010/1/7 5:30:00 - Blue Coat's K9 FREE Web Filtering Product Expands to Windows 7
2010/1/6 5:40:00 - NEW Ares P2P Windows 7 Release. Official Release of The Popular P2P Program, Ares.
2010/1/6 5:20:56 - Top 10 Malware Threats for December Presented By Sunbelt Software
2010/1/6 4:53:11 - New Service Shows WHO Installed Spyware on Your PC
2010/1/6 4:45:28 - Overweight Adults Respond More To Weight Loss Spam E-mails
2009/12/30 12:34:17 - Novosoft Provides 20% Discounts and Holidays Gifts on Handy Backup. FREE LICENSES INSIDE !

The comments are owned by the poster. We aren't responsible for their content.