Brontok (computer worm)

From Wikipedia, the free encyclopedia

The Brontok worm is a computer worm that affects computers running Microsoft Windows. It spreads by sending itself to email addresses harvested from the affected computer. Variants of the Brontok worm include:

  • Brontok.A
  • Brontok.B
  • Brontok.C
  • Brontok.D
  • Brontok.F
  • Brontok.G
  • Brontok.H
  • Brontok.I
  • Brontok.K
  • Brontok.Q

Other Names

Other names for this worm include: W32/Rontokbro.gen@MM, W32.Rontokbro@mm, BackDoor.Generic.1138, W32/Korbo-B, Worm/Brontok.a, Win32.Brontok.A@mm, Worm.Mytob.GH, W32/Brontok.C.worm, and Win32/Brontok.E.

Description

When Brontok is first run, it copies itself to the user's application data directory. It then sets itself to start with Windows by creating an entry under the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. It disables the Windows Registry Editor and modifies Windows Explorer settings. In some variants, the computer reboots when a window is found whose title contains certain strings. Using its own mailing engine, it sends itself to email addresses it finds on the computer, even spoofing the user's own email address as the sender.
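
A defender can triage a suspect host for the two registry behaviours described above. The following Python is an added example, not part of the original article: it parses text in the layout printed by `reg query` (the sample is constructed) and flags Run entries that launch from a per-user application data directory, plus a set DisableRegistryTools policy value. That value name, its HKCU policy path and the sample entry names are assumptions, since the article does not name them.

```python
import re

# Constructed sample in the layout printed by `reg query`; not from a real infection.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    ExampleEntry    REG_SZ    "C:\Documents and Settings\alice\Local Settings\Application Data\example.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableRegistryTools    REG_DWORD    0x1
"""

RUN_KEY = r"software\microsoft\windows\currentversion\run"
# Assumption: the Registry Editor lockout is the standard DisableRegistryTools policy.
POLICY_KEY = r"software\microsoft\windows\currentversion\policies\system"
# Per-user data locations: "Application Data" (XP era) and "AppData" (Vista and later).
USER_DATA = re.compile(r"\\(application data|appdata)\\|%(local)?appdata%", re.I)
VALUE_LINE = re.compile(r"^\s+(.+?)\s{2,}(REG_\w+)\s{2,}(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, type, data) tuples from `reg query` style text."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group(1), m.group(2), m.group(3).strip()

def triage(text):
    """Return findings for autoruns from user data dirs and a disabled regedit."""
    findings = []
    for key, name, rtype, data in parse_reg_query(text):
        k = key.lower()
        if k.endswith(RUN_KEY) and USER_DATA.search(data):
            findings.append(("autorun-from-user-data", key, name, data))
        elif k.endswith(POLICY_KEY) and name.lower() == "disableregistrytools":
            if rtype == "REG_DWORD" and int(data, 16) != 0:
                findings.append(("regedit-disabled", key, name, data))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```

A hit on the Run key is only a lead: legitimate software also starts from per-user directories, so the flagged binary still needs to be examined.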

Origin

The virus/email itself contains a message in Indonesian (and some broken English) with an Islamist theme. When translated, this reads:

BRONTOK. A [By: H [REMOVED] Community] -- stop the collapse in this country -- 

1. Try the Hoodlums, the Smugglers, the Bribers, the gamblers, & drugs Port (Send to "Nusakambangan") --

2. Stop Free sex, Abortion, & Prostitution

3. Stop (pollution of sea & the river), the burning of the forest & the wild hunting.

4. SAY NO TO DRUGS!!! -- DOOMSDAY is CLOSE --

Inspired by: the Brontok Eagle (Spizaetus Cirrhatus) that is almost extinct [By: H [REMOVED] unity --

The worm also carried out a ping flood attack on two websites: israel.gov.il and playboy.com. This virus may be an example of hacktivism.