If infected, internet speed can be reduced and malicious files can be infected through its network.
Therefore, general users need to careful on using internet.
Furthermore, this ARP Spoofing malicious file is widely infecting under the certain management program.
2. Spreading path and symptoms of infection
The place of origin hasn't been figured out so far, however, spreading technique of this malicious file is not as usual.
The biggest difference between previous malicious files and recently found malicious file is including iframe for download additional malicious file. In other words: infected PC can work as a spreading server.
Upon infected ARP Spoofing, it can generate following files.
Besides, it can launch certain file through ActiveX which was injected Script file on iframe.
This file can try to download additional certain file on infected PC.
Furthermore, it can set certain folder to shared folder.
This malicious file can kill certain anti-virus software with using taskkill.exe, can make Windows firewall exception on certain service on registering registry, and can control infected PC remotely with using "UpdateService.exe"(Remote control module).
3. How to prevent
If a PC infected, PCs in same IP range can be infected in a row.
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Anti-Virus/Spyware for detecting such as malicious file stated above and runs responding system against various security threats.