If you are used to sharing data over the Internet
or your enterprise's intranet, apply caution! A network worm that will eventually
bring in dangerous Trojans to your computer, is on the prowl.
Security Analysts
at MicroWorld Technologies inform that 'Win32.Detnat.a'
is a Network worm that infects uncompressed PE (Portable Executable) files. With
its unique algorithm and polymorphic nature, the worm employs a different mode
of encryption each time it infects a file, while keeping the file size unchanged,
making it hard to detect.
Detnat.a spreads on shared network resources and
file sharing programs. At the second level of attack, the worm goes ahead and
downloads 'Infostealer.Lineage', a Trojan that steals usernames and passwords
of popular online game 'Lineage' and passes it on to the remote attacker. With
its dynamic nature, Detnat can invite any other Trojan as well, if the writer
of the worm decides so.
"One needs to be extremely careful while downloading
executable attachments via emails or from the Internet," said Aneesh Paliwal,
Security Analyst, MicroWorld Technologies. "A
single infection in a workstation can proliferate wide in shared networks in no
time and people using file sharing programs are particularly vulnerable to this
mode of data corruption and theft."
Individual Users and subgroups
can freely exchange files in the internal networks of most organizations. This
makes it easier for the spreading routine of a worm like Detnat. If the worm stations
itself in the startup folder of the workstation connected to a network, then it
will come back every time when that computer reboots, even if one cleans up the
entire network. In a more targeted operation, an attacker hitting the Server can
ensure that every user logging on to that Server gets infected, pointed out Aneesh
Paliwal .
In March, MicroWorld had reported about the Antinny worm which
infects the Japanese file sharing program Winny. Top-secret military information,
business documents of hundreds of corporate firms, confidential data of 'Liberal
Democratic Party' and a thousand others were all floating over the Internet, creating
an enormous flood of information leakage in Japan, thanks to Antinny.
"A
large number of new and emerging Viruses and worms are targeting enterprises and
their external and internal networks, to carry out a whole lot of nefarious activities,"
observed Govind Rammurthy, CEO, MicroWorld Technologies.
"Often, malware creeps in through those vulnerabilities that we tend
to overlook. One needs to safeguard the corporate email system, intranet and total
Internet Access with great vigil as network infections can severely impact the
Business Continuity of enterprises."
MicroWorld
MicroWorld
(www.mwti.net ) is the developer of the world's
first Real-Time Anti-Virus and Content Security software eScan
for desktops and servers. Its communication security software,
MailScan is the first comprehensive e-mail scanner for your SMTP/POP3
Mail Server. MicroWorld
Winsock Layer (MWL) is the revolutionary technology underlying these products,
powering them to several certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red
Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology,
MicroWorld solutions provide a Real-Time Proactive security for your systems.
For network security of enterprises, eConceal Firewall is the latest powerful
offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net.
