WORM_AQPLAY.A - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

WORM_AQPLAY.A

Overview

Solution

Technical Details

Malware type: Worm

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		Medium
Distribution potential:		Low

Infection Channel 1 : Propagates via removable drives

Infection Channel 2 : Copies itself in all available physical drives

Description:

This worm may be downloaded as an installer application from remote site(s) by other malware.

When an unsuspecting user visits certain spoofed versions of video streaming websites such as YouTube, it prompts the user to download the latest version of the flash player.

It creates folder(s) and drops several file(s)/component(s), which may possibly be malicious.

Upon execution, it drops and executes a malicious file, which is also detected by Trend Micro as WORM_AQPLAY.A in the current user�s Temporary folder. It then deletes the said file after execution.

It also drops another file also detected as WORM_AQPLAY.A in a created folder found in all physical and removable drives.

It creates registry key(s)/entry(ies).

It drops an AUTORUN.INF file to automatically execute dropped copies when certain drives are accessed.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jan. 28, 2009 2:36:28 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.