WORM_MORCUT.A
Posted: August 27, 2012
Threat Metric
The fields shown on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each specific level is relative to the threat's consistently assessed behaviors, collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 5/10 |
|---|---|
| Infected PCs: | 18 |
| First Seen: | August 27, 2012 |
| OS(es) Affected: | Windows |
WORM_MORCUT.A is a variant of a Crisis or Morcut worm, a self-propagating PC threat with a feature set focused largely on stealing confidential information. The latest WORM_MORCUT.A attacks are indicative of initial infections being achieved through browser-based Java applets that may be loaded on harmful or compromised websites. SpywareRemove.com malware researchers also stress that WORM_MORCUT.A, unlike most PC threats, has noticeable cross-OS compatibility, and is more than capable of attacking Mac-based OSes, Windows OSes and even Virtual Machine (VM) environments. All variants of Morcut, including WORM_MORCUT.A, should be considered capable of compromising passwords, contact information and other personal data, and it's recommended that you use anti-malware software to uncover and delete all copies of a WORM_MORCUT.A infection.
How WORM_MORCUT.A Gets Around with the Greatest of Ease
WORM_MORCUT.A's initial installation can occur through several means, as noted below:
- WORM_MORCUT.A may be installed by the hostile Java applet JAVA_AGENT.NTW. Such applets are often hosted on hacked or malicious sites, although SpywareRemove.com malware researchers have also seen cases where other Trojans have loaded malicious applets automatically. Disabling Java by default and keeping strong browser security can help to protect against this method of WORM_MORCUT.A's installation.
- On an already infected PC, WORM_MORCUT.A may create hidden copies of itself in removable or network-accessible locations. These copies of WORM_MORCUT.A can install themselves on any uninfected computer that accesses the folder or drive; consequently, you should avoid sharing USB devices or local network-shared folders until WORM_MORCUT.A is deleted.
WORM_MORCUT.A is of interest to PC security professionals due to its ability to load in Virtual Machine environments (self-contained 'simulation' operating systems that run within secondary OSes), as well as to use VMware virtual disks as an additional vehicle for its own propagation through a malicious DLL component, TROJ_MORCUT.A. Since VM environments are often safe from unsophisticated PC threats and many malware authors explicitly avoid allowing their malware to launch in Virtual Machines, WORM_MORCUT.A may very well represent an upgrade in strategy for how criminals deal with VM environments and analysis by PC security companies.
Tackling the Trouble of WORM_MORCUT.A Once It's Already Inside
Other than its ability to infect VMs, WORM_MORCUT.A's functions are relatively typical for PC threats of its type. WORM_MORCUT.A's attacks orient themselves around the goal of stealing personal information through the following methods:
- Keylogging, which allows WORM_MORCUT.A to record all typed information on your keyboard to a hidden log file. This includes passwords, user account names, etc.
- Screen grabbing and webcam-monitoring, which let WORM_MORCUT.A take screenshots or even live recordings of your visual display.
- Stealing address book entries (phone numbers, street addresses, e-mail addresses).
- Monitoring browser activities (which URLs are loaded, the duration of a website visit, etc.). The SpywareRemove.com malware research team emphasizes that such functions are often used by PC threats with aspirations of stealing bank account info as a means of altering official bank web pages to include unsafe content.
Because WORM_MORCUT.A includes multiple components and can create copies of itself, SpywareRemove.com malware experts discourage attempts to isolate and remove WORM_MORCUT.A individually. Instead, anti-malware software should be used to scan for and delete every component of WORM_MORCUT.A regardless of its location.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

File name: win.exe
Size: 1.04 MB (1043456 bytes)
MD5: ae8d4770ef02373d7680f160e01e8668
Detection count: 86
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 29, 2012

File name: file.exe
Size: 700.38 KB (700389 bytes)
MD5: cc47dbe9f836127ad9480efde14029fd
Detection count: 85
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 29, 2012

File name: eiYNz1gd.Cfp
Mime Type: unknown/Cfp
Group: Malware file

File name: IZsROY7X.-MP
Mime Type: unknown/-MP
Group: Malware file

File name: t2HBeaM5.OUk
Mime Type: unknown/OUk
Group: Malware file

File name: 6EaqyFfo.zIK
Mime Type: unknown/zIK
Group: Malware file

File name: WeP1xpBU.wA
Mime Type: unknown/wA
Group: Malware file
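
An added example (not code from SpywareRemove.com or SpyHunter): a Python sweep of a removable drive or shared folder for the two executables listed above, matching on size and MD5 so that hidden or renamed copies are still found. The function names and the "md5" / "name-only" confidence labels are assumptions of this example; the indicator values are the ones on this page.

```python
import hashlib
import os
import stat

# Indicators copied from the file list on this page: (name, size in bytes, MD5).
PAGE_INDICATORS = [
    ("win.exe", 1043456, "ae8d4770ef02373d7680f160e01e8668"),
    ("file.exe", 700389, "cc47dbe9f836127ad9480efde14029fd"),
]

def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def sweep(root, indicators=PAGE_INDICATORS):
    """Return sorted (path, confidence) pairs for files under root.

    "md5"       - size and MD5 both match an indicator, whatever the file is named
    "name-only" - only the name matches; weak, since these names are generic
    """
    digests_by_size = {}
    for _name, size, md5 in indicators:
        digests_by_size.setdefault(size, set()).add(md5.lower())
    names = {name.lower() for name, _size, _md5 in indicators}

    hits = []
    # os.walk also returns files carrying the hidden attribute, which matters
    # because the page says the copies placed on shared media are hidden.
    for folder, _dirs, files in os.walk(root):
        for filename in files:
            path = os.path.join(folder, filename)
            try:
                info = os.lstat(path)
                if not stat.S_ISREG(info.st_mode):
                    continue  # skip symlinks, devices and other non-regular files
                candidates = digests_by_size.get(info.st_size)
                if candidates and md5_of(path) in candidates:
                    hits.append((path, "md5"))
                elif filename.lower() in names:
                    hits.append((path, "name-only"))
            except OSError:
                continue  # unreadable or removed mid-scan; leave it to the AV scan
    return sorted(hits)
```

An MD5 match only covers the two listed builds; the randomly named files above carry no hash on this page, so an empty result does not replace the full anti-malware scan recommended earlier.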