WORM_SILLY.SS

By ZulaZuza in Uncategorized | 7 views

WORM_SILLY.SS Description

WORM_SILLY.SS is a dangerous worm infection that ESG security researchers have recently associated with social engineering attacks involving the United States presidential campaign. While WORM_SILLY.SS behaves similarly to most AUTORUN worms, it has some particular attributes that set it apart from similar malware threats. Its file icon is the same icon Windows uses for folders, so computer users who think they are opening a folder are actually double-clicking WORM_SILLY.SS's executable file and running the malware. WORM_SILLY.SS also has the capacity to create its own email server using SMTP (Simple Mail Transfer Protocol) in order to send information about the infected computer to a remote party.

Although the WORM_SILLY.SS is not new, samples of this malware threat have been detected in the wild as recently as October of 2012. Files containing the WORM_SILLY.SS’s executable typically have names such as ‘Essay’, ‘Lecture Notes’, or ‘Portfolio’, which can appear as normal folders typically found in a removable memory drive due to the WORM_SILLY.SS’s unique file icon. To check for an active Internet connection, the WORM_SILLY.SS will attempt to connect to the Google search engine. ESG security researchers consider the WORM_SILLY.SS a severe threat to your privacy due to its ability to steal private information and then relay it via email to a remote party.

How WORM_SILLY.SS Spreads from One Computer to Another

Like most worms, WORM_SILLY.SS has three ways in which it can infect a computer. The first is the most common distribution vector associated with this malware threat: removable memory devices. Using an Autorun file, WORM_SILLY.SS can ensure that its malicious files are executed automatically as soon as the infected memory device is connected to a computer. Computer users may also infect their computer by downloading WORM_SILLY.SS from the Internet. Often masked through a social engineering scam, WORM_SILLY.SS can be disguised as an innocuous file that appears attractive to inexperienced computer users. For example, there are versions of this worm being distributed as fake news items related to the 2012 presidential election in the United States. The third way in which WORM_SILLY.SS can infect a computer is in association with other malware (some malware infections, typically known as droppers, are designed to install other malware without the victim's knowledge).

Type: Worms

How Can You Detect WORM_SILLY.SS?

WORM_SILLY.SS Removal Details

WORM_SILLY.SS typically has the following processes in memory:

  • portfolio.exe
  • lecture notes.exe
  • %User Profile%\gupd.exe
  • essay.exe

WORM_SILLY.SS creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Chilkat Software, Inc.\ChilkatMail
  • HKEY_LOCAL_MACHINE\SOFTWARE\Chilkat Software, Inc.
  • HKEY_CURRENT_USER\Software\Chilkat Software, Inc.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run gtalkupdate = “%User Profile%\gupd.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Chilkat Software, Inc.\ChilkatMailKey30 = “{RANDOM CHARACTERS}”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\gtalkupdate
  • HKEY_CURRENT_USER\Software\Chilkat Software, Inc.\ChilkatMailKey30 = “{RANDOM CHARACTERS}”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Chilkat Software, Inc.\ChilkatMail
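
The indicators above can be turned into a simple triage check. The following is an added example, not ESG's code: it flags an Autorun file and lure-named executables in a removable drive's root, the `gtalkupdate` Run value pointing at `gupd.exe`, and the listed process names. The function names are hypothetical, `autorun.inf` is assumed to be the Autorun file meant above (the standard Windows name), and the Run values and process names are assumed to have been exported from the host beforehand.

```python
import tempfile
from pathlib import Path, PureWindowsPath

# Indicators listed on this page.
LURE_STEMS = {"essay", "lecture notes", "portfolio"}
RUN_VALUE = "gtalkupdate"
DROPPED_EXE = "gupd.exe"

def scan_drive_root(root):
    """Flag an Autorun file and lure-named executables in a removable drive's root."""
    findings = []
    for entry in Path(root).iterdir():
        if not entry.is_file():
            continue
        if entry.name.lower() == "autorun.inf":
            findings.append(("autorun", entry.name))
        elif entry.suffix.lower() == ".exe" and entry.stem.lower() in LURE_STEMS:
            # A folder icon plus hidden extensions makes this look like a directory.
            findings.append(("lure-exe", entry.name))
    return sorted(findings)

def check_run_values(run_values, user_profile):
    """run_values maps value name -> data, as exported from the HKCU Run key."""
    expected = PureWindowsPath(user_profile) / DROPPED_EXE
    hits = []
    for name, data in run_values.items():
        target = PureWindowsPath(data.strip().strip('"'))
        # Windows paths compare case-insensitively, so GUPD.EXE also matches.
        if name.lower() == RUN_VALUE or target == expected:
            hits.append((name, str(target)))
    return sorted(hits)

def check_processes(image_names):
    """Return running image names that match the page's process list."""
    suspects = {stem + ".exe" for stem in LURE_STEMS} | {DROPPED_EXE}
    return sorted(n for n in image_names if n.lower() in suspects)

if __name__ == "__main__":
    # Constructed sample data, not taken from a real infection.
    with tempfile.TemporaryDirectory() as drive:
        for fname in ("autorun.inf", "Essay.exe", "Essay.docx", "setup.exe"):
            (Path(drive) / fname).write_bytes(b"")
        print(scan_drive_root(drive))
    run = {"gtalkupdate": r'"C:\Users\alice\gupd.exe"', "OneDrive": r"C:\OneDrive.exe"}
    print(check_run_values(run, r"C:\Users\alice"))
    print(check_processes(["explorer.exe", "Lecture Notes.exe", "gupd.exe"]))
```

A match on a lure name alone is only a lead; the Run value together with `gupd.exe` in the user profile is the stronger signal.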


This entry was last updated on 10/11/12 and posted on 10/11/12.
