Cybercriminals can do just as much damage by deleting users’ data as by stealing it: file deletion can result in data loss, monetary loss, or both. One example is CryptoLocker, which became notorious for combining the two, demanding money under the threat of data destruction. We recently came across a piece of malware, detected as VBS_SOYSOS, that deletes important user files, including .DWG files.

VBS_SOYSOS is not the first malware to delete files, but file deletion is rare in VBScript malware. .DWG is the native drawing format of computer-aided design (CAD) software, so deleting these files poses a particular risk to industries that rely on CAD, such as automotive, engineering, manufacturing and architectural design.

Based on feedback from the Smart Protection Network, this malware is currently spreading in Mexico. Infections spiked on November 10, with a single variant accounting for 3,331 infections. VBS_SOYSOS spreads via removable drives.

Deobfuscating the code reveals a simple script. Once executed, it creates copies of itself using the file names of any .MP3, .JPG and .DWG files found on all removable drives. Rather than merely hiding the original files, as many removable-drive worms do, VBS_SOYSOS deletes them outright.

Figure 1. Screenshot of VBS_SOYSOS script

Users can check whether their system is infected by looking for the malware’s copy, which is named D&D.vbe. It also adds the marker 4U Denia & Dania to the registry.

Figure 2. VBS_SOYSOS Autostart Registry

This VBScript malware also disables the Task Manager and the Registry Editor, so manual cleanup will require third-party tools that can terminate processes and edit the registry. Users should keep a security solution installed and up to date, such as those from Trend Micro, to avoid infection in the first place. Since the files are deleted rather than hidden, there is nothing for a cleanup tool to restore; to prevent data loss, users should back up their important data following the 3-2-1 rule (three copies, on two different media, with one copy kept off-site).
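As an added example (not code from the original post or from Trend Micro), the following PowerShell triage script checks a machine for the indicators described above: the D&D.vbe copy on removable drives, an autostart entry carrying the 4U Denia & Dania marker, and the Task Manager / Registry Editor lockout. The post does not name the exact registry location of the marker or the mechanism used to disable the tools, so the script assumes the marker sits under the standard Run keys and that the lockout uses the Explorer policy values DisableTaskMgr and DisableRegistryTools, which is how Windows enforces both restrictions.

```powershell
# Added example, not part of the original post. Assumptions not stated on the page:
# the "4U Denia & Dania" marker lives in a Run key, and the Task Manager / Registry
# Editor lockout uses the standard policy values DisableTaskMgr / DisableRegistryTools.
[CmdletBinding()]
param(
    [switch]$Restore   # also clear the policy values that lock out taskmgr/regedit
)

$CopyName   = 'D&D.vbe'
$Marker     = '4U Denia & Dania'
$RunKeys    = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$PolicyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

$findings = @()

# 1. Dropped copy: search the system drive root and every removable drive (DriveType 2).
$roots = @($env:SystemDrive + '\') + @(
    Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=2' |
        ForEach-Object { $_.DeviceID + '\' })
foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter $CopyName -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "dropped copy: $($_.FullName)" }
}

# 2. Autostart entry whose name or data carries the marker text or references the copy.
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }           # skip PSPath, PSParentPath, ...
        $val = [string]$p.Value
        if ($p.Name -eq $Marker -or $val -like "*$Marker*" -or $val -like "*$CopyName*") {
            $findings += "autostart: $key\$($p.Name) = $val"
        }
    }
}

# 3. Task Manager / Registry Editor lockout (a value of 1 disables the tool).
foreach ($key in $PolicyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($props.$name -eq 1) {
            $findings += "policy lockout: $key\$name = 1"
            if ($Restore) {
                Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
                Write-Host "cleared $key\$name"
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No VBS_SOYSOS indicators found.'
} else {
    Write-Host 'Indicators found:'
    $findings | ForEach-Object { Write-Host "  $_" }
}
```

Run it from an elevated PowerShell prompt with the suspect removable drive inserted. `-Restore` only clears the two policy values so taskmgr.exe and regedit.exe work again; it does not remove the dropped copies or the autostart entry, so if those are still present the script will simply be re-run at next logon and the lockout will return. The script reports indicators only; the .MP3, .JPG and .DWG files the worm deleted cannot be recovered from it, which is why the backup advice above matters.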

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice