WORM_KELIHOS.NB
Posted: April 18, 2013
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 9,982 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 1,403 |
| First Seen: | April 18, 2013 |
|---|---|
| Last Seen: | October 11, 2023 |
| OS(es) Affected: | Windows |
Very similar to recent RedKit Exploit Kit-based attacks that installed spyware, WORM_KELIHOS.NB is a variant of the Kelihos worm that is distributed through spam e-mail messages that appear to include links to videos about the Boston bombing of April 15th. Exposure to the site these links promote will expose your PC to a Blackhole Exploit Kit's drive-by-download attack, which may install WORM_KELIHOS.NB without needing your consent. WORM_KELIHOS.NB includes the self-distributing functions that SpywareRemove.com malware experts have expected of most worms, and also appears to target FTP account passwords for theft. In the event of any possible WORM_KELIHOS.NB attack, anti-malware software should scan both your default hard drive and any removable devices to remove WORM_KELIHOS.NB in its entirety.
WORM_KELIHOS.NB: When Spam Leaves a Bad Taste Behind
WORM_KELIHOS.NB, as a member of the Kelihos or Hlux botnet family, is well-known for including features that allow WORM_KELIHOS.NB to generate spam e-mail messages at high volumes by exploiting the resources of any already-infected computers. Attacks by this recent variant of Kelihos have taken a turn for the morbid, however, with WORM_KELIHOS.NB's e-mails being themed after the Boston Marathon bombing. WORM_KELIHOS.NB spam uses several different subject lines to convince any potential victims that the e-mail messages actually are offering videos related to that tragedy, in a strategy all but identical to similar RedKit Exploit Kit-based attacks.
Unlike the Redkit attacks, SpywareRemove.com malware experts found that sites promoted in WORM_KELIHOS.NB's spam e-mail links lead to a semi-functional video site that hosts a variant of the Blackhole Exploit Kit, one of the top malware delivery vehicles of 2012 (and, most likely, 2013). The Blackhole Exploit Kit analyzes the software on your PC to try to find a suitable vulnerability that can be used to download and install WORM_KELIHOS.NB automatically. Additionally, it should be mentioned that having outdated software drastically increases this risk.
Getting the Taste of a Worm Out of Your Mouth
WORM_KELIHOS.NB launches without your permission and will attack your PC without displaying any symptoms directly. SpywareRemove.com malware researchers caution that WORM_KELIHOS.NB may be used for other attacks but is particularly noteworthy for the following functions:
- WORM_KELIHOS.NB, like many worms, tries to distribute itself through removable devices (such as your USB flash drive). By concealing the original files on these devices and replacing them with a link that launches WORM_KELIHOS.NB before allowing the files to be accessed, WORM_KELIHOS.NB enables its easy installation on any other PC that tries to access the compromised device.
- WORM_KELIHOS.NB also steals accounts passwords, especially those that are associated with popular FTP management programs like FileZilla or LeapFTP.
- Besides passwords, WORM_KELIHOS.NB also harvests any e-mail addresses on your hard drive – most likely to acquire new spam targets.
Containing WORM_KELIHOS.NB by avoiding the needless distribution of potentially compromised removable devices always should be a top priority. Competent anti-malware programs should be able to delete WORM_KELIHOS.NB, both in its local and removable variant, as long as they're not impeded by related PC threats.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:boston.avi_____.exe
File name: boston.avi_____.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.