Worm WURMARK.J

It has been observed that variant of WURMARK worm known as WURMARK.Jwith aliasesMalware.b, W32.Lorac, Win32.Lanieca.A and Win32/Atak (Trend Micro) is spreading in the wild rapidly. It is a mass mailing worm propagates via email and uses its own SMTP engine to send emails to the email addresses harvested from the affected computer. It copies itself to the windows system folder as a random file name. It drops two random name DLL’s into windows system folder, one of the DLL is spyware program Known as TSPY_AGENT.C (Trend Micro).The second DLL is a keylogger program. It also creates an entry in windows registry to execute itself automatically every time when system is started.

For further details and instructions regarding disinfection refer to following URLs:

• http://www.sophos.com/virusinfo/analyses/w32wurmarkj.html
• http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?
  VName=WORM%5FWURMARK%2EJ
• http://secunia.com/virus_information/17848/wurmark-j/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91 11-24368572

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003