Nurech.B is a worm that ends several processes belonging to security tools, such as antivirus programs and firewalls, among others. It also registers itself a LSP (Layered Service Provider) in order to monitor Internet traffic. Additionally, it downloads a variant of the Trojan Alanchum into the computer, and has rootkit functionalities, which allow it to hide its own processes. Nurech.B spreads via email in a message with an attached file that has an EXE extension. Note:
LSP (Layered Service Provider) is a Windows feature that is used to listen to all the TCP/IP traffic taking place between Internet and the applications that are accessing Internet (such as the web browser, the email client, etc.). Within this structure, a number of programs are specified. Such programs will carry out certain actions over the TCP/IP traffic; for example, it could be specified a computer security program, which analyses the traffic in search for viruses or other threats before transferring it to the final application of the traffic. However, this structure can also be used by certain malware, in order to intercept the communication across the Internet, and, what is worse, if they are deleted without taking precautions, the Internet connection will stop working indefinitely. |