SophosLabs blog

This afternoon I analysed a bog standard auto run worm. In fact, a less than bog standard auto run worm, in so much as that this one fails to copy itself to removable devices. Despite this, the one interesting thing about the worm in question is the name it uses.

W32/Autorun-AH copies itself to the user’s system as kaspersky.exe. This is just one of the many examples we’ve seen of the bad guys using good guy names for their malware. The author of the worm obviously didn’t put too much effort into trying to dupe users though, as he (or indeed she, although let’s face it, women usually have better things to do with their time) has given the file a Windows Media icon, so there isn’t too much chance of anyone *really* suspecting that it’s a genuine anti-virus program.

In the words of the immortal Bard; ” ‘Tis but thy name that is my enemy..”

Posted on January 7th, 2008 by Zoe Markham, SophosLabs
Filed under: Malware

                                         

Free virus scan - Download the Sophos Threat Detection Test

Related posts

• Sex Thrills And Kills
• Thank You And By The Way, You’re Infected
• W32/Pahati-A: New month, old tricks
• Picture Picture in the Worm
• Stration author gets “Muppet of the Day” award