Brontok

Brontok is a computer worm that runs on Microsoft Windows and spreads by e-mail. Variants include:

The most affected countries were Russia, Vietnam and Brazil, followed by Spain, Mexico, Iran, Azerbaijan, India and the Philippines.

Other names for this worm include: W32/Rontokbro.gen@MM, W32.Rontokbro@mm, BackDoor.Generic.1138, W32/Korbo-B, Worm/Brontok.a, Win32.Brontok.A@mm, Worm.Mytob.GH, W32/Brontok.C.worm, Win32/Brontok.E, Win32/Brontok.X@mm, and W32.Rontokbro.D@mm.

Brontok originated in Indonesia and was first discovered in 2005. The name refers to elang brontok, a bird species native to South and Southeast Asia. It arrives as an e-mail attachment named kangen.exe (kangen means "to miss someone or something").

The virus/email itself contains a message in Indonesian (and some English). When translated, this reads:

It also contains a JavaScript pop-up.

The worm also carried out a ping flood attack on two websites, Israel.gov.il and playboy.com, possibly as an act of hacktivism. A number of other websites with the .com TLD were also attacked, prompting the popular Indonesian forum Kaskus to switch to the .us TLD until May 2012. Brontok inspired the creation of more persistent trojans/worms such as the Daprosy Worm, which attacked internet cafes in July 2009.

When Brontok is first run, it copies itself to the user's application data directory. It then sets itself to start with Windows by creating an entry in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings: it removes "Folder Options" from the Tools menu so that the hidden files in which it is concealed are not easily accessible to the user. It also turns off Windows Firewall. In some variants, the computer reboots when a window is found whose title contains certain strings (such as "application data"). Users are further frustrated when an address typed into Windows Explorer is blanked out before completion. Using its own mailing engine, the worm sends itself to e-mail addresses it finds on the computer, even spoofing the user's own e-mail address as the sender.
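The host changes described above can be checked for in a registry export taken from a suspect machine. The following triage script is an added example, not part of the original article: the policy value names (`DisableRegistryTools`, `NoFolderOptions`), the firewall key and the `AppData` path match are assumptions about where those states appear in the registry, and the sample export is constructed.

```python
import re

# Constructed .reg export (the format `reg export` writes), not from a real infection.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\example.exe\""
"VendorTray"="C:\\Program Files\\Vendor\\tray.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# Assumed mapping: (key suffix, value name, suspicious data, finding text)
POLICY_CHECKS = [
    (r"\policies\system", "DisableRegistryTools", 1, "Registry Editor disabled"),
    (r"\policies\explorer", "NoFolderOptions", 1, "Folder Options hidden"),
    (r"\firewallpolicy\standardprofile", "EnableFirewall", 0, "Windows Firewall off"),
]
USER_DATA_DIRS = ("\\application data\\", "\\appdata\\")

def parse_reg(text):
    """Return {lowercased key path: {value name: int or str}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, data = m.groups()
            if data.startswith("dword:"):
                current[name] = int(data[6:], 16)
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping
    return keys

def triage(text):
    """List findings that match the persistence and tampering behaviour described."""
    findings = []
    for key, values in parse_reg(text).items():
        if key.endswith(r"\currentversion\run"):
            for name, data in values.items():
                if isinstance(data, str) and any(d in data.lower() for d in USER_DATA_DIRS):
                    findings.append(f"Run entry '{name}' starts from a user data directory")
        for suffix, name, bad, msg in POLICY_CHECKS:
            if key.endswith(suffix) and values.get(name) == bad:
                findings.append(msg)
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_REG)))
```

Real exports are UTF-16 encoded, so decode the file before passing its text to `triage`. Legitimate software also autostarts from user data directories, so a Run-key finding on its own is a lead to investigate; the combination with the three tampering findings is what matches the behaviour described here.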
