Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview
This worm has received attention from independent media sources and/or other security firms.
It can propagate through multiple vectors: network shares, removable drives, software vulnerabilities that let it spread across networks, and the instant messaging application MSN Messenger. It exploits a Server service vulnerability to propagate onto unpatched systems. More information about this Microsoft vulnerability can be found in the following page:
This worm downloads malicious files from various Web sites. These are detected by Trend Micro as TROJ_BUZUS.AMM.
This worm also drops a component detected as HKTL_TCPAGENT.
It opens random ports and attempts to connect to several remote servers, which may enable a remote user to execute malicious commands on the affected system.
It has rootkit capabilities, which enable it to hide its processes and files from the user.
It uses the icons of legitimate applications to trick users into thinking that it is a nonmalicious file. It deletes itself after execution.
Description created: Apr. 7, 2009 12:46:45 PM GMT -0800