Zhelatin mutants storm virus charts

By

Raft of new variants detected.

Zhelatin mutants storm virus charts
The Zhelatin virus is challenging Bagle and Warezov for the dubious honour of number one virus after eight new variants were detected in the past four days, security experts have warned.

Kaspersky Lab said that Zhelatin.s, .t and .u were detected on 8 February, while Zhelatin.v was detected on 9 February. Four more variants, .w to .z, were detected during the weekend of 10-11 February.

The most significant of these is Zhelatin.u, which Kaspersky Lab currently rates as a 'moderate' risk.

Zhelatin first appeared on 19 January and 26 variants have so far been detected by Kaspersky since 22 January.

Zhelatin.u spreads via email as an infected attachment. The subject line, message body and attachment are variable.

The worm itself is a Portable Executable, between 5KB and 54KB in size, packed with UPX. The worm copies itself to the hard disk and modifies the registry to load automatically on start-up.

The worm terminates a range of antivirus and firewall applications and adds a rule to the system firewall to prevent its own activity from being blocked.

It also launches an SMTP proxy server on TCP port 25, allowing a remote hacker to use the infected machine as part of a spam botnet.

Zhelatin.u registers itself on the remote site, sending the network address of the victim machine before downloading a file containing the botnet configuration. This file is used to get data from the victim machine and to send spam.

The worm uses a rootkit to hide its own processes, files and registry changes. Kaspersky detects this component as 'Email-Worm.Win32.Banwarum.f'.

David Emm, senior technology consultant at Kaspersky Lab, said: "Zhelatin.u is just a re-packed version of an earlier Zhelatin variant. It is broadly similar in behaviour to several earlier variants, although there are significant differences.

"The Proactive Defense Module in KAV 6.0 and KIS 6.0 is able to block this new threat without the need for new signatures. Nevertheless, we recommend that users update their antivirus databases as soon as possible."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
chartssecuritystormvirus

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?