When it is first run, the worm displays a message ('The setup file is corrupted') to lull the user into a false sense of security. It then proceeds to download and install the RBot trojan. This done, the trojan begins to spread itself from the victim's computer using any of five file-sharing networks (Limewire, Shareaza, Bearshare, Morpheus or Morpheus Ultra) as a vector and a new name.
"The bit of evil genius here is that the name for each new copy of the worm is chosen at random from certain torrent and direct download sites,” declared Viorel Canja, head of the Antivirus Lab for BitDefender. “This way, the worm will always have an attractive name, so people will attempt to download and run it."
BitDefender users are not at risk and should let BitDefender antivirus disinfect the infected files (if any are found). A full technical description can be found here: http://www.bitdefender.com/
BitDefender is a leading global provider of security solutions that satisfy the protection requirements of today's computing environment. The company offers one of the industry's fastest and most effective lines of security software, setting new standards for threat prevention, timely detection and mitigation. BitDefender delivers products and services to over 41 million home and corporate users in more than 180 countries. BitDefender has offices in the United States, the United Kingdom, Germany, Spain and Romania. Further information about BitDefender can be obtained by visiting: http://www.bitdefender.com.
# # #
U.S. Media Contact:
Peter Gorman, Topaz Partners
Phone: +1 781-404-2430