Trojan.Brontok Infects a Single Computer 102,793 Times

A security researcher at Sunbelt conducted ThreatNet scan on a computer and found that it was infected by six malicious programs of which one, Trojan.Brontok, had 102,793 detections on a single system, as reported by Sunbelt blog on October 6, 2009.

The researcher wrote to several other security experts via e-mail saying that he only wanted to understand and verify if the incident was possible. Other security experts answered his query in the affirmative and added that a computer, which lacked appropriate malware protection, could even have already known malicious programs.

Describing Trojan Brontok, security specialists stated that it, also called Worm.Brontok, was a threat that fed on computers as it spread from one PC to another through e-mails having an attachment and dispatched to various host machines. To do that task, the worm collected e-mail addresses listed as contacts on the infected computers.

Normally, the message in the e-mail states that recipients need to see a photograph from the given 'Photo.zip' attachment. But when users open it, infection sets in which also prevents the user from eliminating the worm.

Besides, the Trojan creator always keeps his creation up-to-date so that no antivirus solution would succeed in removing 'Brontok' from the system. The worm disables System Configuration Function (msconfig.exe), registry Editor (regedit.exe) and Task Manager. When a user runs any of these functionalities, it restarts the system automatically. Furthermore, the malware propagates via USB drives, and perpetrators have used it in different denial-of-service attacks.

According to the security specialists, previously 'W32.Brontok' had upset computer users in Malaysia following it wreaking havoc at offices, universities and homes across the country. Characteristically, the worm's labeling of files and directories created and the port numbers utilized normally vary among its variants.

Finally, the specialists strongly suggested the removal of the program from infected systems. A highly common technique to remove spyware was to get the Brontok application uninstalled with the help of 'Add/Remove Programs' function. Despite that if some Brontok files still remained concealed, then the worm could reappear following of reboot function.

Related article: Trojans to Target VoIP in 2006

» SPAMfighter News - 10/27/2009