|
Description:
This file infector infects .EXE and .SCR files on an infected system and on remote network shares with read and write access. It makes use of random ports in order to access network shares.
Upon execution, it drops a .TMP file detected by Trend Micro as PE_PARITE.A-O.
It should be noted that it may also arrive as an email file (EML) file that contains the malware executable. In this form, this file infector executes when the malicious EML file is opened. Once opened, it searches for HTM or HTML files on the infected system with the strings "README" in their file names. Once found, it drops a copy of the .EML file into the folder where the infected .HTML file is found. The infected HTML file is detected by Trend Micro as JS_NIMDA.A.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 23, 2009 1:00:12 AM GMT -0800
Description updated: Sep. 23, 2009 12:58:17 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
