W32.Brontok worm behind mayhem
6th June 2006 (NST)

KUALA LUMPUR: W32.Brontok. This is the computer virus that has sunk the spirits of Malaysian computer users after causing mayhem at two universities and countless offices and homes nationwide.

The Malaysian Computer Emergency Response Team (MyCERT) has posted an alert on the virus to ensure net users are aware of the do's and dont's relating to it.

National ICT Security and Emergency Response Centre (Niser) director Lt Kol (R) Husin Jazri said more than 10 cases had been reported to the organisation by the private sector since early this year.

He said neither Universiti Malaya nor Universiti Teknologi Malaysia which had seen thousands of pages of assignments and course notes erased over the recent past had reported the matter to Niser.

The W32.Brontok worm was first discovered on Sept 23 last year.

He said MyCERT had posted recovery steps in the alert at http://www.mycert.org.my/advisory/MA-104.032006.html.

These measures had been proven effective afer being issued twice on March 22 and on May 2 this year.

The W32.Brontok is a mass-mailing worm that infects computers and USBs/Pen Drives.

"Most anti-virus vendors had rated the W32.Brontok worm as low in threat assessment, medium in potential damage associated to the worm and high in distribution of the worm."

He added that the worm spread through email attachments and file- sharing over the network.

The characteristics of this worm, with regard to file names, folders created and port numbers used would differ from one variant to another.

In this respect, he said MyCERT had advised users and organisations to update their anti-virus software with the latest signature files.

Symptoms of infected computers, Husin explained, would be, among others, the removal of Folder Option on Windows Explorer and unusual instability of one's system.