Batamhacker spreads an old-school worm

Yesterday afternoon we wrote and published detection for an unusually  ‘old school’ style worm, complete with hacker graphics, something that we don’t see too much of anymore. It’s all a bit retro.

I have to confess to completely misreading this particular hacker name initially, and for a few minues thought we were dealing with someone called “Bantamhacker”.  Turns out it’s actually Batamhacker who’s behind this one, an Indonesian according to a quick Google search.

A full description of the worm can be found here, but what was of interest to me was the fact that it included the following hidden window:

(I’m pretty sure that face is a rip-off of a game graphic, but can’t for the life of me think which one. Send us an email if you can put me out of my misery)

If you’re infected by the worm this won’t be an obvious sign given that it’s a hidden window, but here’s one that will be blatant, you’ll see a file called “about me” dropped onto your desktop, and if you open it you’ll see this:

You’ll also notice that Mr “Chicken Hacker” creates his own user profile on your computer, so if you log out or switch user you’ll see his name listed.

Not quite the professional stealthy nasty that we’re used to dealing with, but a pain all the same for anyone who gets infected.

As you’ll see from our description of this worm it does have an unpleasant payload as it’ll attempt to overwrite your files. It’s also a reminder of the varied threat landscape we all face, although the vast majority of malware we see is written by organised criminals for financial gain, there’s still the odd old-school nutcase out there attempting to wreak havoc with your system purely for fun.