SOHANAD’s Secret Revealed
- Wednesday, December 2, 2009, 2:51
- Threat Research
SOHANAD may be an old malware family, but it remains a prevalent threat in the Asia/Pacific region. WORM_SOHANAD is written in AutoIt, a freeware scripting language for MS Windows. The script is then compiled into a Win32 executable (PE file) using the AUT2EXE tool to produce the malware’s final build. Aside from SOHANAD, other malware such as the worms SILLY, YAHLOVER, AUTORUN, and IMAUT are also created with AutoIt scripts.
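A defender's triage check for the build chain described above, as an added example that is not part of the original post: it confirms that a file is a PE image and looks for the `AU3!EA05`/`AU3!EA06` tag that precedes the script embedded in an AutoIt-compiled executable. The marker values come from general knowledge of the AutoIt v3 format rather than from this page, the function names are hypothetical, and the sample bytes are constructed.

```python
import struct

# Tags that precede the compiled script inside an AutoIt v3 executable.
# Assumption: taken from general AutoIt format knowledge, not from the post.
AUTOIT_MARKERS = (b"AU3!EA05", b"AU3!EA06")


def pe_header_offset(data):
    """Return the offset of the PE signature, or None if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    return e_lfanew


def autoit_marker(data):
    """Return (marker, offset) for the first AutoIt tag in a PE image, else None."""
    if pe_header_offset(data) is None:
        return None  # text files or documents that merely mention the tag
    hits = [(data.find(m), m) for m in AUTOIT_MARKERS]
    hits = [(off, m) for off, m in hits if off != -1]
    if not hits:
        return None
    off, marker = min(hits)
    return marker.decode("ascii"), off


def build_sample(payload=b""):
    """Constructed test input: a minimal MZ/PE header followed by payload bytes."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points at the PE signature
    return bytes(dos) + b"PE\x00\x00" + bytes(32) + payload


if __name__ == "__main__":
    samples = {
        "compiled-script.exe": build_sample(b"\x00" * 8 + b"AU3!EA06" + b"\x11" * 16),
        "ordinary.exe": build_sample(b"\x90" * 64),
        "notes.txt": b"AU3!EA06 mentioned in a text file",
    }
    for name, blob in samples.items():
        print(name, autoit_marker(blob))
```

A hit only shows that the file was built with AutoIt, which legitimate administration tools also use, and a packed sample may hide the tag; treat a match as a reason to extract and review the script, not as a verdict.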
Nhatquanglan: A Common SOHANAD Threat in Southeast Asia and India
Most SOHANAD variants originated from several Southeast Asian countries like Vietnam (Nhatquanglan and ViRuSLoVeHD), India (Khatarnak), the Philippines (Funny_UST_Scandal), and Indonesia (VirusBenci). Nhatquanglan remains the most common SOHANAD variant in Southeast Asia and India. It may arrive on a system via the following vectors:
- Web (as downloaded malware)
- Yahoo! Messenger v8.0 and below
- Network shared folders/drives
- Removable media (e.g., USB, flash memory cards)
Similar to other SOHANAD variants, Nhatquanglan also spammed messages with malicious links to the affected user’s instant messenger (IM) contacts. Some of these messages are even written in Vietnamese.
Bo oi! Co biet gi chua ha?Cai nay hay lam a nha
http://www.{BLOCKED}vantinhyeu.info
Loi to tinh dau tien cua tui : )
http://www.{BLOCKED}vantinhyeu.info
cau noi hay nhat danh cho 2 nguoi iu nhau
http://www.{BLOCKED}vantinhyeu.info
Biet yeu la sai lam, sao ta cu yeu dai kho
http://www.{BLOCKED}vantinhyeu.info
Lan dau