Home / malware

PDF

Worm:Win32/Vermis.gen!lnk

First posted on 25 May 2019.
Source: Microsoft

Aliases :

Worm:Win32/Vermis.gen!lnk is also known as LNK/Autorun, LNK/Rorpian.B!Camelot, Win32.HLLW.Autoruner.59834, Win32/Dorkbot.D worm, LNK/Dorkbot.D!tr, Trojan.WinLNK, Trojan.WinLNK.Runner.ea, Mal/DorkLnk-A, LNK_DORKBOT.SMCV.

Explanation :

Installation

Typically, this threat gets onto your PC from different malware families using .LNK or .INFfiles as entry point of execution.

.LNK is a file name extension that identifies shortcut files in Windows. .INF is a file name extension that identifies device information files, for example, those files containing scripts used to control hardware operations.

This threat is a component of the of worms, such as IRCBot, Phorpiex, Dorkbot, Caphaw, etc. Typically, the worm drops this component in the Windows Recycler, Trash, or removable drives.

Some examples of executable file locations:   RECYCLERxD80A89C7.exe recycler37e32d80.scr RECYCLEDe2a38afd.exe .Trashes3fdadef.com .Trashesc4894f11.exe .Trashese2a38afd.pif .TrasheDf9216981.exe Spreads through...

Typically, this threat gets installed onto your PC by other worms when you visit a compromised webpage.

Last update 25 May 2019

 

TOP