Malware type: Worm

Aliases: W32.Mancsyn(Symantec), Troj/MancSyn-F(Sophos), Net-Worm.Win32.Agent.d(Kaspersky), Worm/Agent.D.956(Avira), W32/NetWorm.GR (exact)(F-Prot), W32/Cheli.worm(McAfee)

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This worm usually arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by a user when visiting malicious Web sites.

It takes advantage of the Server Service vulnerability in Windows to propagate across network shares. For more information on the said vulnerability, please refer to the following Microsoft Web page:

Microsoft Security Bulletin MS06-040

It changes the Internet Explorer home page. It does the said routine by modifying a related registry entry.

It deletes certain files and registry entries.

For additional information about this threat, see:
Solution
Technical Details
Statistics

Description created: Apr. 25, 2007 3:56:49 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.