Microsoft’s Threat Research and Response Blog says a recent update to their Malicious Software Removal Tool (MSRT) can now detect Renocide, a worm from 2008. The new MSRT in one week already has Renocide at #4 on the top ten infections list.
A description, with some signs of infection, was provided with the update.
Win32/Renocide is a family of worms that spread via local, removable, and network drives and also by means of file sharing applications.
It infects the network by scanning the local network using the subnet mask 255.255.0.0 and looking for writeable shares where it can copy itself and an autorun.inf file. It also uses the NETBIOS protocol to look for machines in the local network where it can plant copies of itself.
To infect computers beyond the local network, it plants copies of itself in the shared folders of popular file sharing applications. This step also involves social engineering techniques to maximize infection success.