It has been reported that variants of a worm named “phorpiex” are spreading. The worm mainly targets Windows operating systems and spreads by means of removable devices and instant messaging software. The malware may also arrive on the system through a drive-by download or as a file created by other malware. The malware is capable of performing the following functions:
Indicators of Compromise:
File system changes:
Registry Changes:
In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "Microsoft Windows Update"
With data: "%USERPROFILE%\M-1-52-5782-8752-5245\winsvc.exe"
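One way to check a host for the Run entry listed above (an added example, not part of the original advisory). The function name Get-RunKeyFinding and the folder-pattern heuristic for other variants are assumptions introduced here; the key, value name and value data are taken from the advisory.

```powershell
# Added example: audit the Run key from this advisory for the reported persistence value.
$RunKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$IocName = 'Microsoft Windows Update'                        # value name from the advisory
$IocData = '%USERPROFILE%\M-1-52-5782-8752-5245\winsvc.exe'  # value data from the advisory

# Hypothetical helper: returns a finding object if one Run value looks like the reported entry.
function Get-RunKeyFinding {
    param([string]$Name, [string]$Data)

    # Normalise: drop whitespace and surrounding quotes before comparing.
    $clean   = $Data.Trim().Trim('"')
    $reasons = @()

    # -ieq compares case-insensitively, as the registry does for value names.
    if ($Name  -ieq $IocName) { $reasons += 'value name matches advisory' }
    if ($clean -ieq $IocData) { $reasons += 'value data matches advisory' }

    # Assumption (heuristic, not from the advisory): a variant may keep the file name
    # but use a different SID-like folder, stored with the profile path already expanded.
    $pattern = '^(%USERPROFILE%|[A-Z]:\\Users\\[^\\]+)\\[A-Z]-\d+(-\d+)+\\winsvc\.exe$'
    if ($clean -match $pattern) {
        $reasons += 'winsvc.exe in SID-like folder under a user profile'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ Name = $Name; Data = $Data; Reasons = $reasons -join '; ' }
    }
}

$key = Get-Item -LiteralPath $RunKey -ErrorAction Stop
foreach ($valueName in $key.GetValueNames()) {
    # Read the raw string so REG_EXPAND_SZ data is compared unexpanded.
    $raw = $key.GetValue($valueName, '',
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    Get-RunKeyFinding -Name $valueName -Data ([string]$raw)
}
```

No output means no value under the key matched; each match is returned as an object with the value name, its data and the reasons it was flagged.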
Malware Hashes:
Network Communication:
Countermeasures: