WORM_MYDOOM.EB
Overview

Malware type: Worm

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003, Vista

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Medium

Description: 

For an at-a-glance view of this malware's behavior, refer to the Behavior Diagram shown below.

WORM_MYDOOM.EB Behavior Diagram

Malware Overview

Trend Micro has flagged this worm as noteworthy due to the increased potential for damage, propagation, or both, that it possesses.

This worm may be dropped by other malware.

Upon execution, it first checks if it is in a specific folder. If not, it creates a copy of itself and deletes itself from its current directory.

It enumerates drives A-Z of the affected system and overwrites the Master Boot Record (MBR) of all drives that it finds with the following string:

  • Memory of the Independence Day
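For triage of a suspect disk image, the following added example (not part of the original Trend Micro write-up) inspects sector 0 for the string above and checks whether the classic MBR structures survive. It assumes the string is stored as plain ASCII somewhere in the first 512 bytes; the function names and both sample sectors are constructed for illustration.

```python
import struct
import sys

MARKER = b"Memory of the Independence Day"  # string quoted in this write-up
SECTOR_SIZE = 512

def inspect_mbr(sector: bytes) -> dict:
    """Triage the first 512-byte sector of a disk image or raw device."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    sector = sector[:SECTOR_SIZE]
    offset = sector.find(MARKER)  # assumption: ASCII, anywhere in sector 0
    # Classic MBR: four 16-byte partition entries at 0x1BE, 0x55AA at 0x1FE.
    partitions = []
    for i in range(4):
        entry = sector[0x1BE + 16 * i:0x1BE + 16 * (i + 1)]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    sig_ok = sector[0x1FE:0x200] == b"\x55\xaa"
    if offset != -1:
        verdict = "marker_found"
    elif not sig_ok or not partitions:
        verdict = "damaged_or_non_mbr"
    else:
        verdict = "intact"
    return {"verdict": verdict, "marker_offset": offset,
            "boot_signature_ok": sig_ok, "partitions": partitions}

def sample_clean() -> bytes:
    """Constructed sector: one bootable NTFS-type entry plus boot signature."""
    s = bytearray(SECTOR_SIZE)
    s[0x1BE:0x1CE] = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    s[0x1FE:0x200] = b"\x55\xaa"
    return bytes(s)

def sample_overwritten() -> bytes:
    """Constructed sector: marker at offset 0, remainder zero-filled (assumed)."""
    return MARKER.ljust(SECTOR_SIZE, b"\x00")

if __name__ == "__main__":
    # Usage: python inspect_mbr.py disk.img  (image path is the analyst's own)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(inspect_mbr(fh.read(SECTOR_SIZE)))
    else:
        print(inspect_mbr(sample_clean()), inspect_mbr(sample_overwritten()))
```

Run it against a forensic image rather than a live disk; on GPT disks sector 0 holds a protective MBR, so check the partition type before interpreting the result.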

It searches for files with certain file extensions on all fixed drives, working from Z: to A:. It then deletes all the non-zero-byte files that it finds, and creates an archived copy of the found files with the .gz extension.

It deletes itself after execution.


Description created: Jul. 12, 2009 12:27:06 AM GMT -0800
