
Worm:Win32/Rimecud!inf


First posted on 15 February 2019.
Source: Microsoft

Aliases :

Worm:Win32/Rimecud!inf is also known as INF/Rimecud, Trojan.Win32.AutoRun.gm, W32/Aoturun.worm.aaj!inf, W32/P2Pworm.DD.worm, W32/Autorun-AST.

Explanation :

Installation

Worm:Win32/Rimecud is a family of worms with multiple components that spreads via removable drives and instant messaging. It also contains backdoor functionality that allows unauthorized access to an affected machine.

Spreads via…

Removable drives

The spreading component of Win32/Rimecud sets up a device notification function, which gets called when a USB device is plugged in or removed from the system. For each fixed or removable drive found, the worm copies itself to the root directory of the located drive as "vshost.exe". The worm then writes an autorun configuration file named "autorun.inf" pointing to "vshost.exe":

vshost.exe - Worm:Win32/Rimecud
autorun.inf - Worm:Win32/Rimecud!inf

When the drive is accessed from a machine supporting the Autorun feature, the worm is launched automatically.

Additional information

For more information about Worm:Win32/Rimecud, see the description elsewhere in the encyclopedia.

Analysis by Lena Lin
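A defensive check for the removable-drive pattern described above, as an added example that is not part of the original Microsoft entry: it parses an autorun.inf and reports executables in the same drive root that the file launches. The `open`, `shellexecute` and `shell\...\command` keys are standard autorun.inf entries; the entry does not say which of them this worm writes, and the sample drive contents are constructed.

```python
import os
import tempfile

# Standard [autorun] keys that name a program to launch (assumption: the
# entry above does not state which key the worm's autorun.inf uses).
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_targets(inf_text):
    """Return the launch commands named in the [autorun] section."""
    targets, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value.strip('"'))
    return targets

def scan_drive_root(root):
    """Report executables in a drive root that its autorun.inf launches."""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), errors="replace") as fh:
        targets = autorun_targets(fh.read())
    findings = []
    for command in targets:
        parts = command.split()
        # First token of the command, without a leading path separator.
        exe = parts[0].lstrip("\\/").lower() if parts else ""
        if exe.endswith((".exe", ".scr", ".com", ".pif")) and exe in names:
            if names[exe] not in findings:
                findings.append(names[exe])
    return findings

def demo():
    """Build a constructed drive root in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "vshost.exe"), "wb") as fh:
            fh.write(b"constructed placeholder, not a real binary")
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write("; constructed sample\n[AutoRun]\nopen=vshost.exe\n"
                     "shell\\open\\command=vshost.exe\nicon=shell32.dll,4\n")
        return scan_drive_root(root)
```

Calling `scan_drive_root` on a mounted drive's root path returns the launched executables found there, which can then be submitted for scanning or quarantined.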

Last update 15 February 2019

 
