Attention: The New Worm Spybot.AKB Infects P2P
Added: Tuesday, February 23rd, 2010
Users of Vista and Windows 7 may skip this – the worm doesn’t affect those platforms. But if you run Windows 95, 98, ME, NT, 2000, XP or 2003, please be alert: once activated, it infects browsers such as Chrome and Firefox and redirects them to certain websites based on the user’s search terms.
The worm is written in Visual C++ v5 and is 419,328 bytes in size.
According to research by PandaLabs, Spybot.AKB installs an extension for the above-mentioned browsers on the affected computer in order to monitor the searches users carry out and redirect them to websites containing malware.
Besides, Spybot.AKB is the latest worm to distribute itself through Direct Connect-style peer-to-peer networks, passing itself off as well-known software by creating brand-name .exe files in the user’s “shared” folders.
“Shared” folders of the following peer-to-peer programs are affected:
The details are as follows:
The worm propagates in two ways: through email messages that appear to contain an invitation to Twitter, and by creating copies of itself in the “shared” folders of peer-to-peer programs, presenting itself as interesting applications such as “Absolute Video Converter 6.2.exe”. Users looking for such programs can therefore download and run a copy of the worm.
Spybot.AKB does not show any warnings or messages indicating that it has reached the computer, so it’s quite difficult to recognize. But when the worm spreads via email, you can easily recognize it because it often looks like the message below – a false invitation:
Don’t run it at all, as even if you then choose the Uninstall or Disable option, the file remains memory resident.
Its real purpose is to redirect users to various websites in order to download more malware; it activates when users run searches containing certain text strings.
Meanwhile, the worm carries out other actions intended to lower the security level, such as adding itself to the Windows Firewall list of authorized applications to bypass it, and disabling the error reporting service and the User Access Control service. It also creates the files GOOGLEUPDATES.EXE (a copy of itself) and GNOTE.EXE in the Windows system directory.
Please check whether your computer is infected by scanning it with an antivirus (for now only Panda seems to be able to detect it, but we hope all the others will soon join the team). After detecting and deleting the worm, make sure to erase it from the _Restore folder as well.
The last recommendation is to switch from Direct Connect peer-to-peer networks to Usenet or BitTorrent. Direct Connect no longer seems to be a safe place, with malware headaches and copyright violation investigations.
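A quick triage check for the file indicators named above (the GOOGLEUPDATES.EXE and GNOTE.EXE names and the 419,328-byte size), added here as an example; it is not code from PandaLabs or from the original post. The `triage` function, the `%SystemRoot%\System32` location and the command-line handling of shared folders are assumptions made for illustration.

```python
import os
import sys

# Indicators taken from the article text above.
DROPPED_NAMES = {"googleupdates.exe", "gnote.exe"}  # created in the system directory
WORM_SIZE = 419_328                                   # reported worm size, in bytes


def triage(system_dir, shared_dirs=()):
    """Return sorted (path, reason) pairs for files matching the indicators."""
    findings = []

    # 1. Dropped files: case-insensitive name match in the system directory.
    try:
        names = os.listdir(system_dir)
    except OSError:
        names = []  # directory missing or unreadable: nothing to report
    for name in names:
        if name.lower() in DROPPED_NAMES:
            findings.append((os.path.join(system_dir, name), "dropped-file name"))

    # 2. P2P shared folders: the worm's copies carry arbitrary product names,
    #    so match on size instead: any .exe of exactly WORM_SIZE bytes.
    for shared in shared_dirs:
        for root, _dirs, files in os.walk(shared):
            for name in files:
                if not name.lower().endswith(".exe"):
                    continue
                path = os.path.join(root, name)
                try:
                    size = os.path.getsize(path)
                except OSError:
                    continue  # file vanished or is locked
                if size == WORM_SIZE:
                    findings.append((path, "exe with worm size"))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: NT-family layout (%SystemRoot%\System32); shared folders
    # are passed as arguments because their locations vary per P2P client.
    sysdir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    hits = triage(sysdir, sys.argv[1:])
    for path, reason in hits:
        print(f"[!] {path}: {reason}")
    sys.exit(1 if hits else 0)
```

A hit is only a lead to confirm with an antivirus scan, since an unrelated .exe can share the size or name; an empty result does not rule out infection.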
|thanks SaM FOR THE INFO ET ALWAYS ON TOP|
|Thanks for the info. Limewire people still using it wow.|
|Thanks Sam doesn't affect me but I know some it may. Funny didn't even know some of those p2p sites were still around.|
|posted by (2010-02-23 20:14:22)|
|thx for the nfo sam, one question...u mentioned it is installing extensions to firefox and chrome, does it also affect opera and furthermore utorrent client. my pc is running fine at the mo, was wonderin if i would require ny further protection. cheerz|
|posted by (2010-02-23 22:59:29)|
|thanks for the info|
|posted by (2010-02-23 23:12:59)|
|Yah!! Another reason I use Utorrent|
|posted by (2010-02-24 02:11:55)|
|thankz for the update|
|great i think i have that thx sam(:|
|posted by (2010-02-24 06:05:45)|
|Thanks for the heads up SAM.|
|Good read. Thanks for the heads up. Much love. :)|
|posted by (2010-02-24 08:57:46)|
|thanks sam for the info|
|posted by (2010-02-24 10:31:57)|
|Cheers for the info sam .. cant really see why ppl use programs such as limewire I certainly dont .. never have never will ... but thanks for the heads up worth knowing :)|
|Thanks for the heads up Sam! I'm a user of Limewire before but haven't used it since the start of torrent world. Guess I'll have to remove it on my PC just in case. Does it affect Flashget users too?|
|BIG THX Sam! Don't any of programs listed, still very interesting!|
|Ill keep my eye out for this 1..Thx for the info sam!|
|thanks for the heads up sam will keep a look out|
|posted by (2010-02-24 22:52:28)|
|Thanks for the info.|
|posted by (2010-02-25 01:04:44)|
|Thank you for the post!|
|posted by (2010-02-25 10:28:46)|
|Thanks SaM for the info BTW i use utorrent the best|
|posted by (2010-02-26 15:56:05)|