Description:
Upon execution, this memory-resident worm propagates through AOL Instant Messenger (AIM). It sends the following message to other users listed on the current user's AIM Buddy List:
This AIM user has sent you a Greetings Card, to open it visit:
http://g{BLOCKED}aol.com/index.pd?source=christmastheme?my_christmas_card.COM
Its social engineering technique takes advantage of the Christmas season. When an unsuspecting recipient clicks the said link, this worm automatically installs itself on the affected system. Certain links on the said Web site also install updated versions of this worm.
It also modifies certain registry entries to disable securty-related settings on the affected system. This makes the system very vulnerable to attacks.
It has backdoor capabilities. It opens random ports and comes with a built-in Internet Relay Chat (IRC) client engine, which enables it to connect to an IRC channel and wait for several commands from a malicious user. This routine then compromises system security.
Moreover, this worm performs PING flood attack against target systems. This kind of flood attack compromises network traffic and slows down system performance. It also creates the mutex DXUIJPEADHEA which ensures that only one instance of itself is running in the memory.
For additional information about this threat, see:
Solution
Technical Details
Description created: Dec. 5, 2005 10:48:34 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
