Browsing some internet forums, my eyes caught an entry talking
about a malware running in the .NET framework. Well, got the
sample and tested it if malicious then submitted to the Service
team for detection and further analysis. Trend will be detecting
this malware as WORM_NETSAD.A.
This malware will not work if your machine does not have the
.NET framework installed (for my testing, I used .NET framework
version 2.0). Just an overview of this malware, it can propagate
via peer-to-peer shares by dropping a copy of the malware in the
shared folders of popular peer-to-peer programs and can also
propagate via email. It may copy itself to the %system% (i.e.
“c:\windows\system32”) directory as notepad.exe so that running
notepad in the “RUN” command will execute the malware instead of
the normal notepad program. It also kills running processes related
to antivirus and firewall programs. Well the complete virus report
will be posted soon in Trend Micro Virus Info page, stay tuned.
Internet surfing can be exciting but just be cautious and be
aware of the security threats it brings. Don’t just trust anything
you click. If you receive a file from an untrusted source, try to
have it scanned by your antivirus. Lastly, please keep your
antivirus pattern files updated regularly.