
Net-Worm:W32/Brontok.B


First posted on 18 June 2007.
Source: SecurityHome

Aliases:

Net-Worm:W32/Brontok.B is also known as Brontok.b, Worm.Win32.Brontok.b.

Explanation:

Net-Worm:W32/Brontok.B copies a file to the Windows folder, creates a Registry key to start the file automatically, and copies itself to startup folders.

Net-Worm:W32/Brontok.B disables certain features of the operating system.

On execution, the first noticeable characteristic of this malware is the termination of applications such as CMD, regedit, and other EXE files.

The following are the files being dropped:


To automatically start with Windows, the following registry entry is created:


Added registry entry:


It also modifies these registry entries with the following data:


Processes with the following strings are also terminated by this malware:


It may also open a browser attempting to connect to the following URLs:


It will also create AUTORUN.INF files and copy itself to available removable media (USB drives) to allow itself to propagate.
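
As an added example (not part of the original description), the following check lists the entries in the text of an AUTORUN.INF found on removable media that would launch a program. The sample file names are constructed, and the extension list is an assumption rather than something taken from this write-up.

```python
import re

# Keys in the [autorun] section that cause a program to be launched.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Assumed list of executable-type extensions worth flagging.
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")

def launch_targets(inf_text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    section, found = None, []
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEYS.match(key) and value:
            found.append((key.lower(), value))
    return found

def suspicious(inf_text):
    """Keep launch entries whose first command token names an executable-type file."""
    hits = []
    for key, cmd in launch_targets(inf_text):
        m = re.match(r'"([^"]+)"|(\S+)', cmd)     # quoted path or first bare token
        program = (m.group(1) or m.group(2)).lower()
        if program.endswith(EXEC_EXT):
            hits.append((key, cmd))
    return hits

# Constructed sample: two launch entries, cosmetic keys, and an unrelated section.
SAMPLE = (
    "[AutoRun]\r\n; constructed sample\r\nOpen=data.exe\r\n"
    'shell\\explore\\command = "folder view.scr" /x\r\n'
    "icon=drive.ico\r\nlabel=Backup\r\n[Other]\r\nopen=ignored.exe\r\n"
)

if __name__ == "__main__":
    for key, cmd in suspicious(SAMPLE):
        print(f"launch entry: {key} -> {cmd}")
```
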

Furthermore, this malware will not make any system changes if its filename is any of the following:

Last update 18 June 2007

 
