WORM_VOBFUS.SMAC Description

WORM_VOBFUS.SMAC is a dangerous worm that can have severe consequences on an infected computer. WORM_VOBFUS.SMAC is detectably a new threat, and WORM_VOBFUS.SMAC belongs to a large group of worms known as AUTORUN worms due to the fact that they exploit Windows’ Autorun capabilities to ensure that their malicious executable files run automatically as soon as an infected memory drive is connected to a computer. While WORM_VOBFUS.SMAC attacks computers using the Windows operating system, most attacks involving WORM_VOBFUS.SMAC seem to be restricted to computers using the Windows XP operating system and earlier versions of the Windows OS.

WORM_VOBFUS.SMAC’s Distribution Vectors

The WORM_VOBFUS.SMAC worm can be distributed using three possible routes:

1. WORM_VOBFUS.SMAC can spread using removable memory devices such as USB drives and SD cards. Taking advantage of the AutoRun feature in many Windows operating systems, WORM_VOBFUS.SMAC is configured to make duplicates of itself on all drives connected to the infected computer as soon as WORM_VOBFUS.SMAC accesses the infected drive.
2. WORM_VOBFUS.SMAC can also be downloaded from unsafe websites, malicious email attachments or other online sources. In fact, this is the most common way in which computers become infected with WORM_VOBFUS.SMAC. Most notably, ESG security researchers have observed that WORM_VOBFUS.SMAC is distributed using social engineering methods that exploit trending news stories. This has been especially notorious with events surrounding the recent presidential campaigns in the United States, in which fake news stories and documents are distributed using malicious email messages. These can then contain either WORM_VOBFUS.SMAC itself or a dropper Trojan designed to install WORM_VOBFUS.SMAC on the infected computer.
3. Although WORM_VOBFUS.SMAC can distribute itself, unlike Trojan infections, WORM_VOBFUS.SMAC is also often installed on a victim’s computer through another malware threat. Because of this, WORM_VOBFUS.SMAC infections will rarely occur alone. If your computer has been infected with WORM_VOBFUS.SMAC, it is highly likely tht other malware has also been installed on your computer.

WORM_VOBFUS.SMAC has some tactics that make WORM_VOBFUS.SMAC particularly difficult to remove. The main trick that WORM_VOBFUS.SMAC uses is to create files with innocuous extensions such as MP3 or BMP. It also sets its folder status to hidden and creates dummy files to mislead computer users from the real files containing this dangerous threat.

Type: Worms

How Can You Detect WORM_VOBFUS.SMAC?

WORM_VOBFUS.SMAC Removal Details

WORM_VOBFUS.SMAC has typically the following processes in memory:

• Secret.exe
• Sexy.exe
• Passwords.exe
• %User Profile%\{RANDOM CHARACTERS}.exe
• Porn.exe

WORM_VOBFUS.SMAC creates the following files in the system:

• autorun.inf

WORM_VOBFUS.SMAC creates the following registry entries:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedShowSuperHidden = “0″
• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUNoAutoUpdate = “1″
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {random} = “%User Profile%\{random}.exe /{random letter}”

Important Article Disclaimer