Worm.Win32.Houdini

General explanation

Type: Worm

Degree of destruction: high

Prevalence: high

Names of the malware:

  • Worm.Win32.Houdini
  • Worm.VBS.Dinihou
  • Worm.VBS.Ntuser
  • Worm.Win32.NHoudini
  • Worm.VBS.Houdini
  • Worm.JS.Houdini

What is the Worm?

Computer worms such as Houdini are types of malware that are capable of reproduction. For permanence, worms set ways to maintain the infection in each system boot. The prominent feature of worms is in their distribution which is generally performed through portable drives and shared directories in the network.

What is Houdini malware?

This malware initially will enter the victim’s system with vbe format through a portable drive. The method of its function is to hide all directories of the portable drive, then create a shortcut for each one of them. The created shortcuts after execting, first, will execute a malware file that is hidden in the portable drive and then will open the desired directory.

Technical explanation

This malware will copy itself in the system startup with the name of ntuser. vbe and as well as inside the connected portable drive (Flash Drive, External Hard Drive, etc) to the system. Then by changing the system registry, it will create the possibility to execute automatically in each system boot.

The goal of this malware is to spy on the victim’s system information and sends them to its server to collect the following data about the victim’s system:

  1. The name of the victim’s computer
  2. The username of the person has currently entered the system
  3. OS version
  4. Software serial number
  5. Hardware identification number
  6. This malware by connecting to a special domain such as qio0oip.no-IP.ivfo  through port 1177, allows an intruder to remotely executes the commands.

How to deal with it and disinfect the system

By UMP capability which is a part of behavioral protection, Padvish can prevent the system from infection through a portable drive. Therefore, to prevent infection to all types of malware that transfer through portable drives such as Houdini malware, it is recommended to install Padvish and prevent malware from entering and infecting the system.

If your system is infected by Houdini malware act as follows:

  1. Install Padvish on your system
  2. Connect the infected portable drive to your system
  3. Scan the portable drive using Padvish to disinfect both the system and the portable drive.

  0 people found this article useful

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>