One day it’s Shellshock, the other day it’s Sandworm. What should you know about this malware that was announced with fanfare several days ago? ISIGHT, the company that discovered this virus, says that Sandworm relies on a Windows zero-day vulnerability that is known as CVE-2014-4114. Fortunately, Microsoft patched this vulnerability in October, 2014. It has also been reported that this virus has mostly been used in Russian espionage campaigns targeting such domains as NATO, European Union, Energy Sector firms, Telecommunications United States academic organizations, etc. However, it seems that anyone can become a victim of Sandworm. How to avoid it? We will try to explain you that in the next paragraph.
The main thing that you have to know is how this malware travels around. It seems that it relies on a Powerpoint file that refers to an .INF file. Of course, the mostly used method for spreading such files around is with a help of misleading emails, so be sure you ignore all of them. Once a malicious Powerpoint file is downloaded onto the system, it pulls in two files that are known as slides.inf and slide1.gif. Once these files are active, they are used to make specific system modifications and install a virus. Note that malware itself is not hiding in this malicious Powerpoint file. It is downloaded latest without any permission asked.
If you want to avoid Sandworm virus, make sure you apply Microsoft’s MS14-060 patch and fix CVE-2014-4114 vulnerability. In addition, installing a reputable security tool would help you to prevent infiltration of this and other malwares in the future. Of course, you should always make sure that your anti-virus is up-to-date and that you are using the latest its version. Finally, avoid misleading emails and do NOT download email attachments that came to your inbox from unknown sources.