Initially discovered on November 2007, Win32.Worm.Sohanad.NAW is a self-spreading e-threat able to download files from remote locations and stealthily execute them on the infected machine. The worm is extremely aggressive in terms of self-replication, as it features no less than three distinct methods of infecting new systems: by sharing itself on the local network, by infecting any removable storage device plugged into the infected computer and by sending enticing messages to all the Yahoo Messenger contacts of the infected YIM user.
network. Win32.Worm.Sohanad.NAW tampers with the Windows Registry in order to prevent the user from accessing the Task Manager, Regedit and Folder Options, and also adds a new registry entry in HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon in order to register itself at every Windows restart.
Other variants of Win32.Worm.Sohanad.NAW are able to create scheduled tasks using the Microsoft Job Scheduler to execute itself every day at 9:00 AM starting on the day it is first executed.
In order to stay safe and fully enjoy your Internet experience, BitDefender recommends that you install and regularly update an anti-malware suite with anti-virus, anti-spam, anti-phishing
and firewall modules.
Information in this article is available courtesy of BitDefender virus researcher George Cabau.