Death of the Nothing Doing Worm

We’ve been following it’s evolution, however it seems the last version only has one additional feature: it can update itself to the latest version. It does this by exploiting the adodb.stream vulnerability in Internet Explorer to download a file from several hosts which contain instructions on the location of the new version. Although BitDefender detects this e-threat since January under the name VBS.Worm.Runauto.E it has not changed ever since. Seems like it’s development stopped at version 10.0.

 

Nevertheless, this weeks malware evolution hasn’t stopped with our friendly worm. Next we will look at a worm called Win32.Antiman.N. If infected with it, the victim will surely be ridden of a certain genre of music called “manele”. It searches the entire hard disk for most “manele” artists and and will delete them. Next it will add a lot of entries to the %windir%system32drivershosts  file to block social networking websites, like hi5 and netlog, and many free download websites that provide this genre of music. It will also send itself to the whole Yahoo Messenger list using a set number of strings in Romanian language that state something like: