H-Worm

By CagedTech in Worms

H-Worm is a threat that has been around now for a couple of years. H-Worm is also known as Houdini due to its creator's alias. H-Worm is a VBS (Visual Basic Script) threat infection that is designed to take control over an infected computer. H-Worm is classified as a RAT (Remote Access Trojan). RATs are used to take control of a computer from a remote location. Malware analysts suspect that the author of H-Worm, an individual naming himself or herself 'Houdini' is located in Algeria. Due to similarities in their code, it is likely that H-Worm has some connections to Njw0rm and njRAT/LV, both created by an individual going by the name of njq8. H-Worm is a harmful, high-level threat. H-Worm has been used in targeted attacks against important international agencies in the energy sector. H-Worm is being used in various common spam email attacks on individuals.

How H-Worm Attacks Your Computer

H-Worm is a simple VBS file that may be contained in an executable file. In some cases, the H-Worm file is heavily obfuscated. There are numerous different examples of H-Worm delivery, using different levels of obfuscation ranging from nearly no attempts to hide H-Worm to cleverly executed social engineering attacks which hide H-Worm in the guise of a standard PDF file or even as a Microsoft Office document. Once H-Worm is installed, it establishes a connection with a remote server, sending identification information and retrieving its commands.

H-Worm may be used to carry out a number of operations on the targeted computer. Once H-Worm has been installed, H-Worm essentially lets a remote individual control the affected computer from afar. H-Worm may be used to download and install other files, as well any number of other possible applications, execute programs, delete data and collect data from the affected computer. Once H-Worm has been installed, H-Worm may be very difficult to detect because the remote attack may manipulate the affected computer in order to hide the presence of H-Worm from the targeted computer user.

How H-Worm is Controlled

One of the reasons why H-Worm has been so popular is because H-Worm has a well-executed control interface that allows third parties control H-Worm easily even if they do not have advanced computer knowledge. H-Worm also may collect passwords automatically and spread using USB devices and other external memory devices. H-Worm's author, going by the name of Houdini, advertises H-Worm using a demonstration video. This video, both in French and Arabic, contains several clues that make it likely that Houdini is based in Algeria. The H-Worm video shows off H-Worm's user interface and its various features.

Protecting Your Computer from H-Worm

The best way to protect your computer from an H-Worm attack is to ensure that your machine is protected by up to date security software from a reliable developer. H-Worm has been around for a couple of years, meaning that most security programs should be able to intercept a H-Worm attack if they are properly updated and used to scan the computer consistently. Computer users should be educated to be able to spot phishing emails and similar social engineering tactics. H-Worm may be delivered as a corrupted email attachment or embedded link. Computer users should never open this kind of content, especially in an enterprise environment where H-Worm can quickly spread throughout a network. Since H-Worm has been used in attacks against the international energy industry consistently, computer users involved in some way in this sector should take extra precautions to protect their computers from attack.

Trending

Most Viewed

Loading...