Brontok

Brontok is a computer worm running on Microsoft Windows. It is able to disperse by e-mail. Variants include:

* Brontok.A
* Brontok.D
* Brontok.F
* Brontok.G
* Brontok.H
* Brontok.I
* Brontok.K
* Brontok.Q
* Brontok.U
* Brontok.BH

The most affected countries were Russia, Vietnam and Brazil, followed by Spain, Mexico, Iran, Azerbaijan, India and the Philippines.


Other names

Other names for this worm include: W32/Rontokbro.gen@MM, W32.Rontokbro@mm, BackDoor.Generic.1138, W32/Korbo-B, Worm/Brontok.a, Win32.Brontok.A@mm, Worm.Mytob.GH, W32/Brontok.C.worm, Win32/Brontok.E, Win32/Brontok.X@mm, and W32.Rontokbro.D@mm.


Origin

Brontok originated in Indonesia. It was first discovered in 2005. The name refers to elang brontok, a bird species native to South & Southeast Asia. It arrives as an e-mail attachment named kangen.exe (kangen itself means "to miss someone/thing"). The virus/email itself contains a message in Indonesian (and some English). When translated, this reads:

y: HVM31 JowoBot #VM Community-- stop the collapse in this country—1. Try the Hoodlums, the Smugglers, the Bribers, the gamblers, & drugs Port (Send to " Nusakambangan") -- 2.Stop Free Sex, Abortion, & Prostitution (Go To HELL) 3.Stop (sea and river pollution), forest burning, & wild hunting. 4.SAY NO TO DRUGS!!! - THE END IS NEAR - 5. Do you think you're smart? Inspired by: (Spizaetus Cirrhatus) that is almost extinct

It also contains a JavaScript pop-up ad. The worm also carried out a ping flood attack on two websites, Israel.gov.il and playboy.com, possibly as an act of hacktivism. A number of other websites under the .com TLD were also attacked, prompting the popular Indonesian forum Kaskus to switch to the .us TLD until May 2012. Brontok inspired the creation of more persistent trojans/worms such as the Daprosy Worm, which attacked internet cafes in July 2009.


Symptoms

When Brontok is first run, it copies itself to the user's application data directory. It then sets itself to start up with Windows by creating an entry in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings. It removes the "Folder Options" entry from the Tools menu so that the hidden files in which it is concealed are not easily accessible to the user. It also turns off the Windows Firewall. In some variants, when a window is found whose title contains certain strings (such as "application data"), the computer reboots. User frustration also occurs when an address typed into Windows Explorer is blanked out before completion. Using its own mailing engine, it sends itself to email addresses it finds on the computer, even spoofing the user's own email address as the sender. The computer also restarts when the user tries to open the Windows Command Prompt, and the worm prevents the user from downloading files. It also pops up the default web browser and loads an HTML web page located in the "My Pictures" (or, on Windows Vista, "Pictures") folder. It creates .exe files in folders, usually named after the folder itself (..\documents\documents.exe); this also includes all mapped network drives.
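As an added defender-side triage example (not part of the original article), the following PowerShell script checks a host for the symptoms described above: Run-key entries pointing into an application data directory, the policy values that hide Folder Options and disable regedit, and executables named after their parent folder. It assumes Brontok sets the standard Explorer/System policy values (DisableRegistryTools, NoFolderOptions) to produce those two symptoms; the article names the effects, not the registry values, and the scan root is chosen for illustration.

```powershell
# Added triage example, not code from the original article or from the worm.
# Assumption: the "regedit disabled" and "Folder Options missing" symptoms are
# produced via the standard policy values checked below.

function Get-SuspiciousRunEntries {
    # Run-key entries whose command line lives under a per-user application data directory.
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if (-not $props) { return @() }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match '(?i)\\(AppData|Application Data)\\' } |
        ForEach-Object { [pscustomobject]@{ Name = $_.Name; Command = $_.Value } }
}

function Get-RestrictivePolicyValues {
    # Policy values that yield the "regedit disabled" and "Folder Options missing" symptoms.
    $checks = @(
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' }
    )
    foreach ($c in $checks) {
        $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        if ($v -eq 1) { [pscustomobject]@{ Path = $c.Path; Name = $c.Name; Value = $v } }
    }
}

function Get-FolderNamedExecutables {
    # .exe files named after their parent folder, e.g. ...\documents\documents.exe
    # (the article's example). Include mapped drives in -Roots to cover network shares.
    param([string[]]$Roots = @($env:USERPROFILE))   # illustrative default scan root
    Get-ChildItem -Path $Roots -Recurse -File -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -ieq $_.Directory.Name } |
        Select-Object FullName, Length, LastWriteTime
}

# Report each symptom class; empty tables mean none of these indicators were found.
Get-SuspiciousRunEntries   | Format-Table -AutoSize
Get-RestrictivePolicyValues | Format-Table -AutoSize
Get-FolderNamedExecutables  | Format-Table -AutoSize
```

A hit in any of the three tables is a lead for further investigation, not a confirmation on its own; legitimate software also registers Run entries under AppData, so confirm with the antivirus detections listed under "Other names".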


Removal

Brontok can be removed by most antivirus software, although various standalone removal tools are also available from antivirus providers.

