Description:
Trend Micro has received multiple samples of this worm from multiple, independent sources, including customer reports and internal sources. These indicate that this worm poses a high risk to users due to the increased possibility of infection.
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This worm arrives on an affected system in several ways: it may be downloaded from remote sites by other malware, downloaded unknowingly by a user when visiting malicious Web sites, or it may arrives via removable drives.
It spreads by dropping a copy of itself in all removable drives. It also drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
It also spreads by exploiting the Server Service vulnerability to propagate. More information about this vulnerability can be found in the following Microsoft Web page:
It uses drops component detected as RTKT_FARFLI.UW to execute certain routines.
For additional information about this threat, see:
Solution
Technical Details
Description created: May. 26, 2009 8:21:40 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
