|
Description:
This worm may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It creates a copy of itself and drops a batch file to delete the initially executed file. It then drops and executes a file in the %System Root% directory which contains commands to create registry entries to force IE to show application/xhtml+xml MIME pages. It also deletes a registry key to disable Internet Explorer navigation.
This worm searches for cookies related to social networking sites. Once cookies related to social networking Web sites are located, it then connects to these Web sites using the user login session stored in the cookies. It navigates through pages to search for user's friends. If a friend has been located, it sends an HTTP POST request to the server. As a reply, the server sends data, which is actually the message to be sent to user's contacts. It then composes a new message containing the data from the server and sends it to the user's friend.
The new message contains a link where a copy of this worm can be downloaded.
For additional information about this threat, see:
Solution
Technical Details
Description created: May. 19, 2009 6:00:26 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
