Brontok (computer worm)
Brontok is a mass-mailing computer worm, also described as a computer virus. Variants include:
  • Brontok.D
  • Brontok.F
  • Brontok.G
  • Brontok.H
  • Brontok.I
  • Brontok.K
  • Brontok.Q

Other names

Other names for this worm include W32/Rontokbro.gen@MM, W32.Rontokbro@mm, BackDoor.Generic.1138, W32/Korbo-B, Worm/Brontok.a, Win32.Brontok.A@mm, Worm.Mytob.GH, W32/Brontok.C.worm, Win32/Brontok.E, W32.Rontokbro.D@mm, and I-Worm.VB.DV.

Description

Brontok originated in Indonesia. The name refers to the elang brontok, the changeable hawk-eagle (Spizaetus cirrhatus), a bird native to South and Southeast Asia. It arrives as an e-mail attachment named kangen.exe ("kangen" is Indonesian for missing or longing for someone or something). When Brontok is first run, it copies itself to the user's application data directory and sets itself to start with Windows by creating an entry under the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings: it removes "Folder Options" from the Tools menu, so that the hidden files in which it is concealed are not easily reachable by the user. It also turns off the Windows firewall. In some variants, the computer reboots whenever a window whose title contains certain strings (such as "application data") is found, and an address typed into the Windows Explorer address bar is blanked out before it can be completed. Using its own mailing engine, it sends itself to e-mail addresses it finds on the computer, forging the infected user's own address as the sender.
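The persistence and policy tampering described above can be triaged from a registry export taken from a suspect machine. The following Python script is an added example and not code from the original article or from any anti-virus vendor. It parses a small, constructed .reg export and reports the indicators that correspond to the behaviours above. The page does not name the registry values the worm writes; DisableRegistryTools, NoFolderOptions and EnableFirewall are the standard Windows policy values behind "regedit disabled", "Folder Options removed" and "firewall off", so treating them as the worm's footprint is an assumption, as are the Run value name and the file name used in the sample.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of a Windows .reg export (as produced by "reg export" or
# regedit's Export). Not taken from a real infected machine. The Run value name
# "sample" and the copied file name are assumptions for the example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"sample"="C:\\Documents and Settings\\user\\Application Data\\kangen.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
'''

RegTree = Dict[str, Dict[str, object]]

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# (key, value name, value that indicates tampering, meaning). These are the
# standard Windows policy values behind the behaviours described in the text;
# that this worm sets exactly these values is an assumption.
POLICY_CHECKS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableRegistryTools", 1, "Registry Editor (regedit.exe) disabled"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",
     "NoFolderOptions", 1, "Folder Options removed from the Explorer Tools menu"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile",
     "EnableFirewall", 0, "Windows firewall turned off"),
]

# Profile data directories (XP and Vista naming) that a Run entry should not
# normally start a program from.
PROFILE_DATA_MARKERS = ("\\application data\\", "\\appdata\\")


def parse_reg(text: str) -> RegTree:
    """Parse the subset of the .reg format needed here: [key] headers,
    quoted string values (with backslash escapes) and dword values.
    Keys and value names are stored lower-cased, because the registry is
    case-insensitive; other value types are kept as raw text."""
    tree: RegTree = {}
    current: Optional[Dict[str, object]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = tree.setdefault(line[1:-1].lower(), {})
            continue
        if current is None:
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$', line)
        if not m:
            continue
        name = (m.group(1) if m.group(1) is not None else "@").lower()
        data = m.group(2)
        if data.startswith("dword:"):
            current[name] = int(data[len("dword:"):], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
        else:
            current[name] = data
    return tree


def find_indicators(tree: RegTree) -> List[str]:
    """Return human-readable findings for the indicators described above."""
    findings: List[str] = []
    for name, data in tree.get(RUN_KEY.lower(), {}).items():
        if isinstance(data, str) and any(mk in data.lower() for mk in PROFILE_DATA_MARKERS):
            findings.append(f"Run entry '{name}' launches {data} from a profile data directory")
    for key, value, bad, meaning in POLICY_CHECKS:
        if tree.get(key.lower(), {}).get(value.lower()) == bad:
            findings.append(f"{meaning} ({value}={bad})")
    return findings


if __name__ == "__main__":
    for finding in find_indicators(parse_reg(SAMPLE_REG)):
        print(finding)
```

On a real case, export the four keys with `reg export` from the suspect machine (or read them from an offline hive with a hive parser) and feed the text to `parse_reg`. A Run entry pointing into a profile data directory is not proof of infection on its own; it is the combination with the policy values that matches the behaviour described above.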
The computer also restarts when the user tries to open the Command Prompt, and the worm prevents the user from downloading files. It opens the default web browser on an HTML page that it places in the "My Pictures" folder ("Pictures" on Windows Vista). It creates .exe copies of itself inside folders, named after the folder itself (for example ..\documents\documents.exe), including on all mapped network drives.
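The folder-named copies are the easiest indicator to hunt for on disk and on mapped drives. The following Python script is an added example, not code from the original article: it walks a directory tree and lists files whose base name equals the name of the folder they sit in, as in documents\documents.exe. It runs here against a small constructed tree. The page only mentions .exe; extending the match to .scr, .pif and .com is an assumption that covers other executable extensions of the same era.

```python
import os
import tempfile
from pathlib import Path
from typing import Iterable, List

# Extensions treated as executables. The page mentions only .exe; the others
# are an assumption.
EXEC_EXTENSIONS = frozenset({".exe", ".scr", ".pif", ".com"})


def find_folder_clones(root: str, exts: Iterable[str] = EXEC_EXTENSIONS) -> List[str]:
    """Return paths (relative to root, '/'-separated, sorted) of files whose
    base name equals the name of their containing directory and whose
    extension is in exts, e.g. documents/documents.exe. The comparison is
    case-insensitive, as Windows file systems are."""
    wanted = {e.lower() for e in exts}
    hits: List[str] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for fname in filenames:
            stem, ext = os.path.splitext(fname)
            if ext.lower() in wanted and stem.lower() == folder:
                rel = Path(os.path.join(dirpath, fname)).relative_to(root)
                hits.append(rel.as_posix())
    return sorted(hits)


def build_sample_tree() -> str:
    """Create a constructed directory tree imitating the pattern described
    above (not a real infection): two folder-named clones, one nested, plus
    benign files and an .exe that does not follow the pattern."""
    root = tempfile.mkdtemp(prefix="brontok-demo-")
    files = [
        "documents/documents.exe",
        "documents/report.doc",
        "documents/work/work.exe",
        "photos/Photos.EXE",
        "photos/holiday.jpg",
        "tools/setup.exe",
    ]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"MZ")  # placeholder bytes, not a real executable
    return root


if __name__ == "__main__":
    for hit in find_folder_clones(build_sample_tree()):
        print(hit)
```

On a live Windows system, run `find_folder_clones` over each local volume and each mapped network drive, since the text says the worm seeds those as well; on Windows you would also want to record the hidden and system attributes of each hit, which this portable version does not read.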

Removal

Brontok can be removed by most up-to-date anti-virus products, and standalone tools are also available:
  • Brontok removal tool released by Sophos

After removal, check that the registry and Explorer policy changes described above have been reverted (regedit usable again, Folder Options visible) and that the Windows firewall is enabled again; deleting the worm's files does not by itself restore those settings.

Origin

The worm itself contains a message in Indonesian (and some broken English). Translated, it reads:

[By: H [REMOVED] Community] -- stop the collapse in this country --

1. Try the Hoodlums, the Smugglers, the Bribers, the gamblers, & drugs
Port (Send to "Nusakambangan") --

2. No Free Sex, Abortion, & Prostitution (Go To HELL)

3. Stop (sea and river pollution), forest burning, & wild hunting.

4. SAY NO TO DRUGS!!! - THE END IS NEAR -

5. Do you think you're smart?

Inspired by: (Spizaetus Cirrhatus) that is almost extinct [By: H [REMOVED] unity --

It also contains a JavaScript pop-up.

The worm also carried out a ping flood (a flood of ICMP Echo Request packets) against two websites, israel.gov.il and playboy.com. The worm may therefore be an example of hacktivism. Brontok inspired the creation of more persistent trojans and worms such as the Daprosy worm, which spreads via local area network connections, spammed e-mails and USB mass storage devices, and which attacked internet cafés in July 2009.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 