Jalabed Worm Attacks AntiVirus Software

March 14, 2006

The reports about ‘Jalabed.b’ or ‘Saros.C’ worm have been appearing in a section of the media from March 8, 2006 onwards, which is a three good weeks after MicroWorld updated their Virus database on the same worm.

 

‘Jalabed.b’ is an email worm with backdoor capabilities that attacks and disables security tools like AntiVirus and Firewall on the infected computer. The worm also blocks access to websites of most of the AntiVirus firms.

 

At the first level of attack it comes through emails with subject lines, Are you stupid or something like that?, Bill Gates is dead, Blacklist, Help me to find a song, Got a check from Microsoft and more. After infecting a computer in a network, it’s got a multi-pronged strategy for the second level of proliferation, via networks, Peer-to-peer file sharing programs (P2P) and mIRC chat.

 

“We had released the cure for ‘Jalabed’ on February 16 itself. This worm attains significance as it stops the update procedure of some of the AntiVirus softwares and thereby leaving computers vulnerable for further attacks. Though an increased traffic of jalabed is detected in the last few days, users who update MicroWorld software regularly, have nothing to worry about,” says Arti Taru, Assistant Manager, R&D, MicroWorld Technologies.