Home  Notizie  Prodotti e servizi  Virus e sicurezza  Supporto  Download  Partner  Acquisto
Selezionare il paese
Selezionare il prodotto
Strumenti di rimozione di virus
Virus descriptions
Nuovi software maligni aggiunti
La tecnologia Norman SandBox
Elenco di virus rilevati
Invio di possibili virus
File di test antivirus
Notifiche di virus sul proprio sito Web
Informazioni sulla sicurezza
Notizie ed avvisi sulla sicurezza
Articoli sulla sicurzza
Security blog
- Archive
 SHORTCUTS:
Registrazione alla mailing list
Preferiti di Norman
Virus e sicurezza » Security blog
Security blog
Norman's Security blog

W32/PassChange.A worm changes Windows password

Blogger:
Snorre Fagerland

Senior Virus Analyst

Latest entries:
W32/PassChange.A worm changes Windows password
S(ilent)afari now S(ecure)afari?
Follow up: AMTSO Releases the first two documents
AMTSO Releases the first two documents
(A)Live MSN Phishing
>> per saperne di più
RSS feed
Norman's Security blog Subscribe to RSS feed
2008.11.21

Today the Norman malware lab received a sample of a worm that changes the Windows password of the logged on user. Obviously, this can be quite annoying. However, this variant uses a static password : “H3H3H3”.

The worm was submitted from Indonesia, and is what is called an “autorun” worm – it copies itself to available drives and adds an autorun.inf file so as to be run automatically when f.ex. a removable drive is accessed. This is a quite common infection method.

File size : 327680 bytes
MD5 hash : e3ba28cf84a53a6ddd4f28f82acd0afe

File names used by the worm:
updater.exe
isass.exe
klmcodec568.exe

Additional files added:
change.vbs
autorun.inf

This worm will be detected as W32/PassChange.A by Norman Virus Control using defs from today, Nov. 21. 2008 or later.
 

Norman is one of the world’s leading companies within the field of data security. With products for antivirus (virus control), personal firewall, antispam and antiadware, the company plays an important role in the data industry.