
W32/VBNA-X

By Domesticus in Worms

W32/VBNA-X is a dangerous worm that is designed to spread from one computer to another by using removable drives and poorly secured network connections. This worm, which has numerous variants and aliases, has carried out an increasing number of attacks in the last year. Other common detection names for W32/VBNA-X include W32/Autorun.worm.aaeb and Changeup. The W32/VBNA-X version of this worm is just the latest in a number of variants of what has become a well-known worm infection that has been steadily improved by the criminals responsible for this malware threat. W32/VBNA-X has some characteristics that make its attack more aggressive than previous versions of this malware.

Although W32/VBNA-X is technically a worm, W32/VBNA-X also uses some tactics that are more typical of Trojan attacks. For example, W32/VBNA-X can spread through a network and by exploiting autorun.inf files on removable media drives. However, these tactics are no longer as effective as before, since a Windows update released in February of 2011 fixed a common Autorun exploit that criminals used to spread malware like W32/VBNA-X. In the case of this latest version of the W32/VBNA-X worm, criminals have incorporated a social engineering scam that convinces victims to click and run the malware infection themselves, a tactic that is commonly associated with Trojans rather than with worms. In fact, Trojans receive their name because of this tactic: like the Trojan Horse from the Iliad, they convince the victim to open the malware by making them think that it contains a benign file.

During its attack, this latest version of W32/VBNA-X hides the files on the removable drive and also makes changes to the Windows Registry that prevent these hidden files from being displayed. W32/VBNA-X then creates copies of itself named porn, sexy, passwords and secret, all of which are EXE files, and makes a further copy of itself corresponding to each file and folder stored on the infected drive. Finally, the social engineering tactic involves changing the icon of these copies to match the standard folder icon used by the victim's operating system. Since file extensions are not shown, the victim believes that a folder is being opened rather than an executable file. Once installed, the W32/VBNA-X worm connects to a remote server so that it can download additional malware onto the infected computer.
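As an added, defender-side example that is not from the original page: a small Python triage script that walks a removable drive and flags the folder-mimic pattern described above (an .exe whose name matches a sibling folder or file, with the original hidden) together with the four reported lure names. The sample drive layout it builds is constructed for the demonstration and contains no real malware; the hidden-attribute check only has effect on Windows, where st_file_attributes exists.

```python
"""Triage a removable drive for the W32/VBNA-X folder-mimic pattern (added example)."""
import os
import tempfile
from pathlib import Path

LURE_STEMS = {"porn", "sexy", "passwords", "secret"}  # lure names reported on the page
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit; st_file_attributes is Windows-only


def is_hidden(path: Path) -> bool:
    """True when the entry carries the Windows hidden attribute (always False elsewhere)."""
    return bool(getattr(path.stat(), "st_file_attributes", 0) & FILE_ATTRIBUTE_HIDDEN)


def scan_removable_drive(root: Path) -> list:
    """Flag .exe files that reuse a sibling's name or one of the known lure names."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        base = Path(dirpath)
        # Map each name a mimic copy could borrow (folder name, full file name, file
        # stem) to the real entry, lower-cased so "Photos.exe" matches "photos".
        originals = {n.lower(): base / n for n in dirnames}
        for f in [f for f in filenames if not f.lower().endswith(".exe")]:
            originals.setdefault(f.lower(), base / f)
            originals.setdefault(Path(f).stem.lower(), base / f)
        for f in filenames:
            if not f.lower().endswith(".exe"):
                continue
            stem, finding = f[:-4].lower(), {"path": str(base / f), "name": f}
            if stem in LURE_STEMS:
                finding["reason"] = "lure-name"
            elif stem in originals:
                finding["reason"] = "mimics-sibling"
                # The worm hides the impersonated original; record that where visible.
                finding["original_hidden"] = is_hidden(originals[stem])
            else:
                continue  # e.g. an installer with no sibling of the same name
            findings.append(finding)
    return sorted(findings, key=lambda r: r["path"])


def build_sample_drive() -> Path:
    """Constructed sample layout imitating an infected stick; contains no real malware."""
    root = Path(tempfile.mkdtemp(prefix="vbna_sample_"))
    (root / "Photos").mkdir()
    (root / "Photos.exe").write_bytes(b"MZ")      # copy named after the folder
    (root / "report.doc").write_bytes(b"")
    (root / "report.doc.exe").write_bytes(b"MZ")  # copy named after a file
    (root / "Secret.exe").write_bytes(b"MZ")      # one of the reported lure names
    (root / "x.mpeg").write_bytes(b"")
    (root / "setup.exe").write_bytes(b"MZ")       # legitimate: no sibling shares its name
    return root
```

On a real stick, pass its mount point to scan_removable_drive; a mimic finding whose original_hidden is True is the strongest indicator of this worm's tampering.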

File System Details

W32/VBNA-X may create the following file(s):

1. Secret.exe
2. Porn.exe
3. Passwords.exe
4. Sexy.exe
5. x.mpeg
6. C:\Documents and Settings\\kyteoq.exe /g
7. %UserProfile%\[RANDOM CHARACTERS] /[RANDOM CHARACTERS]

Registry Details

W32/VBNA-X may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = 0x00000000
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\"AutoRun" = "%UserProfile%\Application Data\[THREAT FILE NAME].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\%RANDOM CHARACTERS% = %UserProfile%\%RANDOM CHARACTERS% /%RANDOM LETTER%
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate = 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe, %SystemDrive%\Documents and Settings\All Users\Application Data\[THREAT FILE NAME].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\kyteoq
