WORM_BLUEWORM.C
Overview

Malware type: Worm

Aliases: W32/Mywife.D.worm, I-Worm.Nyxem.c

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

High

Description: 

This memory-resident worm propagates through network shares and Internet Relay Chat (IRC). It drops several copies of itself in the Windows and the Windows system folders. Some of the dropped files are ZIP-compressed, in which case it uses the WinZip application to extract the dropped files.

It also drops a valid .DLL file, which it uses to send email messages.

The email message that it sends out has the following details:

From: (any of the following)
• Thomas
• <thomas_gay6@iopus.com>
• <sandra@oxygen.com>
• Lola Ashton
• <linda200@gmail.com>
• Bad Love
• <user377@worldsex.com>
• <gustes@msn.com>
• Sweet Women
• <admin@newmovies.com>
• Sara GL
• <hot_woman2362@freevideos.net>
• The Moon
• <lost_love705@yahoo.com>
• Binnn MT
• <King_sexy@hotmal.com>
• spoofed_names

Subject: (any of the following)
• For all
• Hello
• Please reactive now.
• Thanks

Message Body: (any of the following)
• Update
• Please reactive now
• Thank you
• please reactive
• For all Members repit the reactive one time.
• has been expired please contact Mr.Bill Gates for the acitve now, Thank you

Attachment: (any of its dropped files)
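
The sender, subject and body strings listed above can be turned into a mail-gateway triage check. The following is an added example, not Trend Micro's detection logic. Because values such as "Hello" and "Thanks" are common in legitimate mail, it assumes a message is worth flagging only when it carries an attachment and at least two of the other three fields match; the function names, that threshold and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied from the description above; the worm's misspellings are kept.
SENDER_NAMES = {"thomas", "lola ashton", "bad love", "sweet women",
                "sara gl", "the moon", "binnn mt"}
SENDER_ADDRS = {"thomas_gay6@iopus.com", "sandra@oxygen.com", "linda200@gmail.com",
                "user377@worldsex.com", "gustes@msn.com", "admin@newmovies.com",
                "hot_woman2362@freevideos.net", "lost_love705@yahoo.com",
                "king_sexy@hotmal.com"}
SUBJECTS = {"for all", "hello", "please reactive now.", "thanks"}
GENERIC_BODIES = {"update", "thank you"}          # matched only as the whole body
DISTINCTIVE_BODY = ("please reactive", "repit the reactive", "for the acitve now")


def _norm(text):
    """Lower-case and collapse whitespace so wrapped lines still match."""
    return " ".join(str(text).split()).lower()


def score_message(raw):
    """Return which of the four listed traits a raw RFC 5322 message shows."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("plain",))
    body = _norm(part.get_content()) if part is not None else ""
    return {
        "sender": _norm(name) in SENDER_NAMES or addr.lower() in SENDER_ADDRS,
        "subject": _norm(msg.get("Subject", "")) in SUBJECTS,
        "body": body in GENERIC_BODIES or any(p in body for p in DISTINCTIVE_BODY),
        "attachment": any(True for _ in msg.iter_attachments()),
    }


def is_suspicious(raw):
    """Flag only when an attachment is present and two other traits agree."""
    hits = score_message(raw)
    return hits["attachment"] and sum(hits[k] for k in ("sender", "subject", "body")) >= 2


def build_sample(sender, subject, body, attach=False):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["Subject"], m["To"] = sender, subject, "user@example.test"
    m.set_content(body)
    if attach:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="sample.bin")
    return m.as_string()
```
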

This worm attempts to terminate processes that are associated with security and antivirus products.

This worm uses an MPEG or movie file icon as its stealth mechanism. It runs on Windows 95, 98, NT, 2000, and XP.


Description created: Sep. 6, 2004 1:07:25 PM GMT -0800
