BusinessTelecomIntegrationSecurityInternetVKontakte.ru attacked by viruses
May 19, 2008, Mon 11:14 AM Internet Security

The Doctor Web Company has reported about a serious virus epidemic in the social network Vkontakte.ru. Those uses, who clicked the external link deti.jpg, risk loosing the personal data stored on their computers.

The Doctor Web’s virus monitoring service reports about a serious virus epidemic that has affected the users of the social network Vkontakte.ru. The epidemic is caused by a dangerous network worm classified as Win32.HLLW.AntiDurov. The worm e-mails the link to the picture deti.jpg directing to the malefactor’s resource from infected computers to other users of Vkontakte.ru. When following the link the executable file deti.scr is sent, which is the network worm.


Being launched through the victim’s computer, the worm preserves a picture on the disc, which if viewed by a reckless user launches the staffing application used to view JPEG files. Thus, the user views what he expectes to see unaware of being affected by the malefactor. Meanwhile, unpleasant events occur on the infected computer.

Having got the access into the user’s home file Application Data\Vkontakte under the name svc.exe, the worm is installed in the system as the Durov VKontakte Service and starts looking for the password to the website VKontakte.ru used by the browser. If the worm succeeds in identifying the worm, it receives the access to all the victim’s contacts and e-mails the mentioned above link to them.

The worm is of dangerous destruction function. On the 25th of each month at 10 in the morning the following inscription appears on the computer’s screen (the original spelling is saved): ‘Pavel Durov Working with VKontakte.ru You have never raised your rating, so you have earned us no profit. Your computer will be annihilated! If you turn to the police for help, you will bitterly regret about it!’ Simultaneous deletion of files from disk C will be launched.