Home / malware Worm:Win32/Vobfus.VS
First posted on 26 November 2013.
Source: MicrosoftAliases :
There are no other names known for Worm:Win32/Vobfus.VS.
Explanation :
Threat behavior Worm:Win32/Vobfus.VS is a member of Win32/Vobfus - a family of worms that spreads via network drives and removable drives. It may also download and execute arbitrary files.
Installation
Worm:Win32/Vobfus.VS creates the following files on your computer:
- %windir%\assembly\nativeimages_v2.0.50727_32\temp\zap10.tmp\microsoft.build.utilities.v3.5.dll
- %windir%\assembly\nativeimages_v2.0.50727_32\temp\zape.tmp\microsoft.build.tasks.dll
- %windir%\assembly\nativeimages_v2.0.50727_32\temp\zapf.tmp\microsoft.build.tasks.v3.5.dll
Payload
Contacts remote hosts
Worm:Win32/Vobfus.VS may contact the following remote hosts:
- tools.google.com using port 80
- tools.google.com using port 443
Commonly, malware may contact a remote host for the following purposes:
- To confirm Internet connectivity
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instruction from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 2976ca060301243a1c9347af61132844f68d33a2.Symptoms
System changes
The following could indicate that you have this threat on your PC:
- The presence of the following files:
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap10.tmp\microsoft.build.utilities.v3.5.dll
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zape.tmp\microsoft.build.tasks.dll
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zapf.tmp\microsoft.build.tasks.v3.5.dllLast update 26 November 2013
