A new botnet was discovered from a million computers based on Windows

The virus penetrates computers in different ways: through infected flash drives, infected executable files, as well as using special scripts integrated into HTML documents — They retain the virus on the computers when opening a malicious web page in the browser window.

Win32.Rmnet.12 — A complex multi -component file virus, consisting of several modules and has the ability to self -cutting (knows how to copy itself and spread uncontrollably without the participation of the user). Starting in the operating system, Win32.Rmnet.12 checks which browser is installed by default (if it is not detected, the virus selects as the goal of Microsoft Internet Explorer) and is embedded in the browser processes. Then, having generated the name of the own file based on the serial number of the hard drive, the virus is stored in the automatic loading folder of the current user and sets the attribute for the malicious file «hidden». The configuration file is also stored in the same folder, which records the data necessary for the work of the malicious program. Then, on the basis of the algorithm laid in it, the virus determines the name of the control server and tries to establish a connection with it.

The spread of the virus occurs in several ways: firstly, using the vulnerabilities of browsers that allow you to save and launch executable files when opening web pages. The virus searches for all HTML files stored on disks and adds to them the code in the VBSCRIPT language. In addition, Win32.Rmnet.12 infects all executable files found on the disks with extension .EXE knows how to copy itself on removable flash drives, keeping a carfall and a shortcut file in the root folder, referring to a malicious application, which in turn launches the virus.

Initially, the number of components of the Win32 network.Rmnet.12 infected machines were relatively small and totaled several hundred thousand bots, but this number gradually increased. According to April 15, 2012, Botnet Win32.Rmnet.12 consists of 1400520 infected nodes and continues to grow confidently. The dynamics of the change in the number of the network is shown on the schedule below.


  • News.Drweb.com

Leave a Reply

Your email address will not be published. Required fields are marked *