TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_AUTORUN.PB
Overview
Solution

Malware type: Worm

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Infection Channel 1 : Propagates via removable drives

Infection Channel 2 : Spammed via email

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

WORM_AUTORUN.PB Behavior Diagram

Malware Overview

This worm arrives as attachment to email messages spammed by another malware or a malicious user. It may be dropped by other malware.

It creates registry entries to enable its automatic execution at every system startup.

It drops copies of itself in all removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.

It accesses Web sites to download a file detected as TSPY_AGENT.CAB. It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 24, 2008 7:01:20 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.