SecurityHome.eu Worm:JS/Morph.A!lnk

Home / malware PDF

Worm:JS/Morph.A!lnk

First posted on 07 June 2012.
Source: Microsoft
Aliases :
Worm:JS/Morph.A!lnk is also known as Morph.A (Norman), Worm.JS.Morph (Ikarus), Mal/WormLnk-A (Sophos), LNK_MORPHE.SMI (Trend Micro).
Explanation :

Worm:JS/Morph.A!lnk is the detection for shortcut files created by Worm:JS/Morph.A.

Worm:JS/Morph.A attempts to spread itself across all accessible drives, including removable drives and network shares, as the following file:

<drive letter>%\M0rPheS.tpl

It creates the following shortcut files. If these shortcut files are run, they execute Worm:JS/Morph.A:

<drive Letter>\<folder name>.lnk

<start menu>\<folder name>.lnk

<start menu>\Program\<folder name>.lnk

<start menu>\ Programas\ <folder name> .lnk

%UserProfile%\Desktop\<folder name>.lnk

%UserProfile%\Start Menu\<folder name>.lnk

%UserProfile%\My Documents\<folder name>.lnk

where <folder name> is the name of any folder within the parent folder. It then marks the original folder as hidden, to mislead the user into thinking that the sohrtcut file is actually the folder.

For example, if the folder "F:\Folder001" exists, Worm:JS/Morph.A may create a shortcut file as "F:\Folder001.lnk", then hide the "F:\Folder001" folder.

Analysis by Wei Li

Last update 07 June 2012

TOP

Malware :

Last 20

Worm:JS/Morph.A!lnk

Aliases :

Explanation :

Malware :

Family: