Win32/Renocide, a malware program, plants copies of itself in shared folders of file-sharing applications and disguises them as titles of popular games and apps currently shared on popular torrent sites. So Microsoft this week used its Malicious Software Removal Tool to take out the threat, which dates back to at least 2005.

More on Renocide

It is a backdoor-enabled worm that spreads through removable drives, network shares and popular file-sharing applications. It drops copies of itself on all removable drives. It also spreads by scanning machines on an infected computer’s local network and pasting a copy of a file called autorun.inf, which many versions of Windows automatically execute when the drive is attached.

How does the infection take place?

It infects the network by scanning the local network using the subnet mask 255.255.0.0 and looking for writeable shares where it can copy itself. It also uses the NETBIOS protocol to look for machines in the local network where it can plant copies of itself.

It can also cause infected machines to connect to remote servers over Internet Relay Chat. In this way  hackers, can send commands  and download other malicious programs. According to Microsoft, Renocide also attempts to monitor the IP address of the infected machine using whatismyip.com. In this way it can tell where the machine has been and whether or not it would be worth sending the worm to that site as well.

Malware Rankings

So let’s look at Microsoft’s rankings of recent malware programs and how many machines have been infected.

Here is a list of the Malwares detected.

Chart 1 – Win32/Renocide, detected files

——————————————-

Chart 2 – Win32/Renocide, infected machines

kirim ke teman | versi cetak | Versi PDF