PE_DUMARU.A
Overview

Malware type: File Infector

Aliases: W32.Dumaru@mm, WORM_DUMARU.A, W32/Dumaru@MM

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This virus infects .EXE files using Alternate Data Streams (ADS). It searches the entire system for target executables but is only able to infect files in the root directory.

It propagates via email using its own Simple Mail Transfer Protocol (SMTP) engine. It arrives as an email message in the following format:

From: "Microsoft" security@microsoft.com
Subject: Use this patch immediately !
Message body: Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: patch.exe
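
The message format above maps directly onto a mail-filter check. The following Python code is an added example, not part of the original description; the function names, the matching policy (attachment name plus at least one header match) and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the message format described above.
SENDER = "security@microsoft.com"
SUBJECT = "use this patch immediately"
ATTACHMENT = "patch.exe"

def dumaru_indicators(raw_bytes):
    """Return which of the described indicators one raw message matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if SENDER in str(msg.get("From", "")).lower():
        hits.append("from")
    # Collapse whitespace so "immediately !" and "immediately  !" both match.
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if SUBJECT in subject:
        hits.append("subject")
    # walk() visits every MIME part, so nested attachments are covered too.
    for part in msg.walk():
        if (part.get_filename() or "").strip().lower() == ATTACHMENT:
            hits.append("attachment")
            break
    return hits

def is_suspect(raw_bytes):
    """Assumed policy: require the attachment name plus one header match.

    The From header is trivially forged and names a legitimate address,
    so a header match alone is not treated as sufficient."""
    hits = dumaru_indicators(raw_bytes)
    return "attachment" in hits and len(hits) >= 2

def build_message(sender, subject, filename=None):
    """Build a constructed test message (placeholder bytes, no executable)."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = subject
    m.set_content("Constructed sample body.")
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    sample = build_message('"Microsoft" <security@microsoft.com>',
                           "Use this patch immediately !", "patch.exe")
    print(dumaru_indicators(sample), is_suspect(sample))
```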

It drops a Trojan detected as TROJ_NAROD.A, which connects to IRC via port 6667 to allow remote users to manipulate infected systems. This Trojan allows remote users to perform a Denial of Service (DoS) attack against other machines using infected systems.

This virus runs on Windows 95, 98, ME, NT, 2000, and XP. However, because only Windows 2000 and XP systems support Alternate Data Streams, .EXE files that it infects on the other platforms are left unrecoverable.


Description created: Aug. 19, 2003 6:59:59 PM GMT -0800
Description updated: Aug. 19, 2003 6:59:58 PM GMT -0800
