It’s called Vengeance Justice Worm (Vjw0rm), but think of it as the Leatherman of malware tools. Vjw0rm wreaks havoc in versatile ways: information theft, denial of service (DoS), self-propagation and more. Worse, on top of being a multi-purpose threat, Vjw0rm is publicly available, so threat actors with minimal skills can use it to target organizations of all shapes and sizes.

How can you get infected with Vjw0rm

This worm can reach a computer in several ways:

From an infected removable storage device (USB)

By automatic download

Downloaded or dropped on the computer by other malware

Through phishing

These identification numbers are used in the decryption algorithm. Although the JS file appears to be written in Arabic, the algorithmically encoded strings are JS code characters inserted into the Arabic character set. This was accomplished by decoding the main source code to Unicode, then resolving the characters to get the character code. After a simple calculation involving the length of the identification number, the results are added to the character code.

The defining worm characteristic that Vjw0rm exhibits is the ability to spread via removable drives. This sample scanned the machine for attached DriveType 2 devices so that it could copy itself to them. Once on a drive, Vjw0rm sets all files and folders on the removable drive to “hidden system” and creates an icon with the name of one of the previously hidden legitimate files.
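A defender-side check for the removable-drive pattern described above, as an added example that is not code from the article or from Vjw0rm: it flags a drive root where most entries carry the hidden and system attributes and a visible entry reuses the name of one of them. The sample listings (including the .lnk name) are constructed, and the names read_root and assess_root, the 0.5 threshold, and matching on the name with or without its extension are assumptions.

```python
import os
import stat

# Windows attribute bits: HIDDEN = 0x2, SYSTEM = 0x4.
HIDDEN_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM
# Folders Windows itself keeps hidden+system on a volume; not a sign of tampering.
OS_DEFAULTS = {"system volume information", "$recycle.bin"}

# Constructed listings: (name, attribute bitmask). 0x10 = directory, 0x20 = archive.
SAMPLE_INFECTED = [("System Volume Information", 0x16), ("budget.xlsx", 0x26),
                   ("photos", 0x16), ("notes.txt", 0x26), ("budget.lnk", 0x20)]
SAMPLE_CLEAN = [("System Volume Information", 0x16), ("budget.xlsx", 0x20),
                ("photos", 0x10), ("desktop.ini", 0x26)]


def read_root(path):
    """Windows only: (name, attribute bitmask) for each entry in a drive root."""
    return [(e.name, e.stat(follow_symlinks=False).st_file_attributes)
            for e in os.scandir(path)]


def _stem(name):
    return os.path.splitext(name)[0].lower()


def assess_root(entries, min_hidden_ratio=0.5):
    """Flag a listing where most user entries are hidden+system and a visible
    entry reuses the name of one of them (min_hidden_ratio is an assumed value)."""
    hidden, visible = [], []
    for name, attrs in entries:
        if name.lower() in OS_DEFAULTS:
            continue
        is_masked = (attrs & HIDDEN_SYSTEM) == HIDDEN_SYSTEM
        (hidden if is_masked else visible).append(name)
    # Index hidden entries by full name and by name without extension, so both
    # "budget.lnk" and "budget.xlsx.lnk" would match a hidden "budget.xlsx".
    keys = {}
    for name in hidden:
        keys.setdefault(name.lower(), name)
        keys.setdefault(_stem(name), name)
    pairs = sorted((v, keys[_stem(v)]) for v in visible if _stem(v) in keys)
    total = len(hidden) + len(visible)
    ratio = len(hidden) / total if total else 0.0
    return {"hidden_ratio": ratio, "masked": pairs,
            "suspicious": bool(pairs) and ratio >= min_hidden_ratio}
```

On Windows, the live listing for a mounted drive comes from read_root with the drive's root path, and its result is passed to assess_root.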

The ability to spread over USB and allow remote access connections makes this type of malware a hybrid between a worm and a remote access trojan (RAT). This hybrid enables both information exfiltration and increased payload execution, while being self-propagating.



By Truxgo
