Hjem  Nyheter  Produkter & tjenester  Virus & sikkerhet  Support  Nedlasting  Forhandler  Kjøp
Velg land
Velg produkt
Verktøy for virusfjerning
Virus descriptions
Nyeste virusbeskrivelser
Norman SandBox-teknologi
Detekterte virus - oversikt
Send virus
Antivirus testfil
Virusadvarsler på din egen web
Sikkerhetsinformasjon
Sikkerhetsnyheter og -anbefalinger
Sikkerhetsartikler
Security blog
- Archive
 SNARVEIER:
Påmelding til mailinglister
Mine Norman-bokmerker
Virus & sikkerhet » Security blog
Security blog
Norman's Security blog

W32/PassChange.A worm changes Windows password

Blogger:
Snorre Fagerland

Senior Virus Analyst

Latest entries:
W32/PassChange.A worm changes Windows password
S(ilent)afari now S(ecure)afari?
Follow up: AMTSO Releases the first two documents
AMTSO Releases the first two documents
(A)Live MSN Phishing
>> mer
RSS feed
Norman's Security blog Subscribe to RSS feed
2008.11.21

Today the Norman malware lab received a sample of a worm that changes the Windows password of the logged on user. Obviously, this can be quite annoying. However, this variant uses a static password : “H3H3H3”.

The worm was submitted from Indonesia, and is what is called an “autorun” worm – it copies itself to available drives and adds an autorun.inf file so as to be run automatically when f.ex. a removable drive is accessed. This is a quite common infection method.

File size : 327680 bytes
MD5 hash : e3ba28cf84a53a6ddd4f28f82acd0afe

File names used by the worm:
updater.exe
isass.exe
klmcodec568.exe

Additional files added:
change.vbs
autorun.inf

This worm will be detected as W32/PassChange.A by Norman Virus Control using defs from today, Nov. 21. 2008 or later.
 

Norman er blant verdens ledende firma innen datasikkerhet. Med produkter som antivirus (viruskontroll), antispam, antiadware og personlig brannmur, spiller selskapet en viktig rolle i dataindustrien.