http://debianws.lexgopc.com/wiki143/index.php?action=history&feed=atom&title=BrontokBrontok - Revision history2026-05-15T16:47:56ZRevision history for this page on the wikiMediaWiki 1.43.1http://debianws.lexgopc.com/wiki143/index.php?title=Brontok&diff=3635386&oldid=previmported>XTheBedrockX: + 21 categories using HotCat2024-12-07T04:50:10Z<p>+ 21 categories using <a href="/wiki143/index.php?title=WP:HC&action=edit&redlink=1" class="new" title="WP:HC (page does not exist)">HotCat</a></p>
<p><b>New page</b></p><div>{{Short description|Computer virus}}<br />
'''Brontok''' is a [[computer worm]]<ref name = "Yuliansyah"/> running on [[Microsoft Windows]]. It is able to disperse by [[e-mail]]. Variants include:<br />
<br />
* Brontok.A<br />
* Brontok.D<br />
* Brontok.F<br />
* Brontok.G<br />
* Brontok.H<br />
* Brontok.I<br />
* Brontok.K<br />
* Brontok.Q<br />
* Brontok.U<br />
* Brontok.BH<br />
<br />
The most affected countries were Russia, Vietnam and Brazil, followed by Spain, Mexico, Iran, Azerbaijan, India and the Philippines.<ref>{{cite web |title=Kaspersky Threats — Brontok |url=https://threats.kaspersky.com/en/threat/Email-Worm.Win32.Brontok/ |website=threats.kaspersky.com |language=en |access-date=2022-09-02 |archive-date=2022-05-21 |archive-url=https://web.archive.org/web/20220521064501/https://threats.kaspersky.com/en/threat/Email-Worm.Win32.Brontok/ |url-status=live }}</ref><br />
<br />
== Other names ==<br />
Other names for this worm include: W32/Rontokbro.gen@MM, W32.Rontokbro@mm, BackDoor.Generic.1138, W32/Korbo-B, Worm/Brontok.a, Win32.Brontok.A@mm, Worm.Mytob.GH, W32/Brontok.C.worm, Win32/Brontok.E, Win32/Brontok.X@mm, and W32.Rontokbro.D@mm.<ref>{{cite web|title=Worm:Win32/Brontok.AR@mm|url=http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32%2FBrontok.AR%40mm|publisher=Microsoft|accessdate=14 February 2013|archive-date=5 March 2014|archive-url=https://web.archive.org/web/20140305102700/http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32%2FBrontok.AR%40mm|url-status=live}}</ref><br />
<br />
== Origin ==<br />
Brontok originated in [[Indonesia]].<ref name="Yuliansyah">{{citation |author = Yuliansyah |title = Mengembalikan Data yang Hilang Akibat Virus |isbn = 978-979-8771-03-3 |publisher = Penerbit Mediakom |language = id |page = 10 |year = 2010}}</ref> It was first discovered in 2005.<ref name = Yuliansyah /> The name refers to [[Changeable Hawk-eagle|''elang brontok'']], a bird species native to South & Southeast Asia. It arrives as an attachment of e-mail named kangen.exe (''kangen'' itself means "to miss someone/thing").<br />
<br />
The virus/email itself contains a message in Indonesian (and some English). When translated, this reads:<br />
<br />
[By: HVM31 JowoBot #VM Community] -- stop the collapse in this country—1. Try the Hoodlums, the Smugglers, the Bribers, the gamblers, & drugs <br />
Port (Send to "[[Nusakambangan]]") -- <br />
<br />
2.Stop Free Sex, Abortion, & Prostitution (Go To HELL)<br />
<br />
3.Stop (sea and river pollution), forest burning, & wild hunting. <br />
<br />
4.SAY NO TO DRUGS!!! - THE END IS NEAR - <br />
<br />
5. Do you think you're smart?<br />
<br />
Inspired by: (Spizaetus Cirrhatus) that is almost extinct [By: HVM31 JowoBot #VM Communityunity --<ref>{{cite web|title=Win32.Brontok.A@mm|url=http://www.bitdefender.co.uk/VIRUS-157247-uk--Win32-Brontok-Amm.html|publisher=Bitdefender|accessdate=14 February 2013|archive-date=19 April 2013|archive-url=https://archive.today/20130419212645/http://www.bitdefender.co.uk/VIRUS-157247-uk--Win32-Brontok-Amm.html|url-status=live}}</ref><br />
<br />
It also contains a [[JavaScript]] [[Pop-up ad|pop-up]].<br />
<br />
The worm also carried out a [[ping flood]] attack on two websites: [[Israel|Israel.gov.il]] and [[Playboy|playboy.com]], possibly in an act of [[hacktivism]]. A number of other websites with .com TLD were also attacked, prompting popular Indonesian forum [[Kaskus]] to switch to [[.us]] TLD until May 2012. Brontok inspired the creation of a more persistent trojan/worm such as [[Daprosy Worm]] which attacked internet cafes in July 2009.<br />
<br />
== Symptoms ==<br />
When Brontok is first run, it copies itself to the user's application data directory. It then sets itself to start up with [[Microsoft Windows|Windows]], by creating a registry entry in the <code>HKLM\Software\Microsoft\Windows\CurrentVersion\Run</code> [[Windows Registry|registry]] key. It disables the Windows Registry Editor ([[regedit.exe]]) and modifies [[Windows Explorer]] settings. It removes the option of "Folder Options" in the Tools menu so that the hidden files, where it is concealed, are not easily accessible to the user. It also turns off Windows firewall. In some variants, when a window is found containing certain strings (such as "application data") in the window title, the computer reboots. User frustration also occurs when an address typed into Windows Explorer is blanked out before completion. Using its own mailing engine, it sends itself to email addresses it finds on the computer, even faking the own user's email address as the sender.<br />
<br />
The computer also restarts when trying to open the [[Windows Command Prompt]] and prevents the user from downloading files. It also pop ups the default Web browser and loads a [[web page]] ([[HTML]]) which is located in the "My Pictures" (or on [[Windows Vista]], "Pictures") folder. It creates .exe files in folders usually named as the folder itself (..\documents\documents.exe) this also includes all mapped network drives.<ref>{{cite web|title=Win32/Brontok|url=http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fBrontok|publisher=Microsoft|accessdate=14 February 2013|archive-date=9 February 2013|archive-url=https://web.archive.org/web/20130209074412/http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Win32%2fBrontok|url-status=live}}</ref><br />
<br />
== Removal ==<br />
Brontok can be removed by most [[antivirus software]] although there are various standalone tools available by antivirus providers.<br />
<br />
== References ==<br />
{{reflist}}<br />
<br />
[[Category:Email worms]]<br />
[[Category:Hacking in the 2000s]]<br />
[[Category:Cybercrime in India]]<br />
[[Category:Windows malware]]<br />
[[Category:Denial-of-service attacks]]<br />
[[Category:Internet in Russia]]<br />
[[Category:Internet in Brazil]]<br />
[[Category:Internet in Vietnam]]<br />
[[Category:Internet in Spain]]<br />
[[Category:Internet in Azerbaijan]]<br />
[[Category:Internet in Mexico]]<br />
[[Category:Internet in Iran]]<br />
[[Category:Cybercrime in the Philippines]]<br />
[[Category:Attacks in Azerbaijan]]<br />
[[Category:Attacks in Brazil]]<br />
[[Category:Attacks in India]]<br />
[[Category:Attacks in Iran]]<br />
[[Category:Attacks in Mexico]]<br />
[[Category:Attacks in the Philippines]]<br />
[[Category:Attacks in Russia]]<br />
[[Category:Attacks in Vietnam]]<br />
[[Category:Internet in Israel]]<br />
[[Category:Attacks in Israel]]<br />
[[Category:Playboy]]</div>imported>XTheBedrockX