CHOD Worm

It has been observed that the variants of CHOD worm known as WORM_CHOD.A, WORM_CHOD.D, W32/Chode-E, W32.Chod@mm, Win32.Nochod.A, W32.Chod.B@mm, Win32.Nochod.B and Win32/Chod.B are rapidly spreading via email or instant messaging application like MSN messenger. This worm propagates by sending a copy of itself as an attachment to the email message to the addresses that it gathers from the compromised computer.

This worm continuously runs as a background process of the computer and tries to act as a backdoor server (on port number 37737 or random TCP port) which allows an attacker to gain access and take control over the system via IRC Channel.

Users are advised to update their Antivirus software to mitigate the risk. For further details refer to following URLs

• http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?
  VName=WORM%5FCHOD%2ED&VSect=P
• http://www.sophos.com/virusinfo/analyses/w32chodee.html
• http://www.trendmicro.com/vinfo/virusencyclo/
  default5.asp?VName=WORM_CHOD.A
• http://www.trendmicro.com/vinfo/virusencyclo/
  default5.asp?VName=WORM_CHOD.b
• http://www.trendmicro.com/vinfo/virusencyclo/
  default5.asp?VName=WORM_CHOD.d
• http://secunia.com/virus_information/20411/chod.d/
• http://secunia.com/virus_information/16731/chod.b/
• http://www.sophos.com/virusinfo/analyses/
  w32chodeb.html
• http://vil.nai.com/vil/content/v_132338.htm
• http://www.cleanport.com/virus.php?id=957
• http://vic.zonelabs.com/tmpl/body/CA/
  virusDetails.jsp?VId=42188
• http://facetime.com/impactcenter/threatdetail.aspx?
  id=1025
• http://securityresponse.symantec.com/avcenter/
  venc/data/w32.chod.b@mm.html
• http://securityresponse.symantec.com/avcenter/
  venc/data/w32.chod.d.html

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91 11-24368572

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003