Worm Win32/VB.CB

Original issue date: April 29, 2010

It has been reported that Worm Win32/VB.CB is propagating. It spreads mainly via Yahoo! Messenger, by sending messages containing a link to a copy of the worm to everyone in the contact list, or via removable drives. It opens a backdoor, communicates with a command-and-control server, and downloads and installs additional malware on the compromised system.

Upon execution, the worm:

  • Drops system- and Windows-related files.
  • Modifies the legitimate autorun registry entry to execute itself.
  • Drops copies of itself as {folder name}.exe inside the root folder of removable drives.
  • Sends messages to all online Yahoo! Instant Messenger contacts with either a URL or random text as the body.

Countermeasures:

  • Search for the malicious files and registry entries created by the worm and delete them.
  • Install and maintain updated anti-virus software at the gateway and desktop level
  • Use caution when opening attachments and accepting file transfers
  • Disable autorun.
  • Keep up to date on patches and fixes for the operating system and the above-mentioned vulnerabilities
  • Install and maintain a firewall at the desktop level
  • Use caution when clicking on links to Web pages
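
A triage helper for the first countermeasure, built on the drop pattern described above ({folder name}.exe in the root folder of a removable drive). This is an added example, not part of the original advisory; the function names and the drive path passed on the command line are assumptions, and a match is a lead to inspect, not proof of infection.

```python
import hashlib
import os
import sys


def find_folder_named_executables(root):
    """Return (path, sha256) for each .exe in `root` named after a sibling folder.

    Only the top level of `root` is inspected, matching the advisory's
    description of copies dropped as {folder name}.exe in the drive root.
    """
    folders, executables = set(), []
    with os.scandir(root) as entries:
        for entry in entries:
            try:
                if entry.is_dir(follow_symlinks=False):
                    folders.add(entry.name.casefold())
                elif entry.is_file(follow_symlinks=False):
                    stem, ext = os.path.splitext(entry.name)
                    if ext.casefold() == ".exe":
                        executables.append((stem.casefold(), entry.path))
            except OSError:
                continue  # unreadable entry: skip rather than abort the scan

    hits = []
    for stem, path in sorted(executables, key=lambda item: item[1]):
        if stem in folders:  # case-insensitive match, as on Windows volumes
            hits.append((path, _sha256(path)))
    return hits


def _sha256(path):
    """Hash the file for lookup in AV or reputation tooling; None if unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None  # file locked or removed between listing and hashing
    return digest.hexdigest()


if __name__ == "__main__":
    # Usage (drive letter is an assumption): python scan_drive_root.py E:\
    drive_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, sha256 in find_folder_named_executables(drive_root):
        print(f"SUSPECT {path} sha256={sha256}")
```
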