WORM_BROPIA.W
Overview

Malware type: Worm

Aliases: W32/Kelvir.worm.gen (McAfee), W32.Kelvir (Symantec), Worm/Bropia.AD (Avira), W32/Bropia-W (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

High

Description: 

Upon execution, this worm drops a copy of itself as MSNADP32.EXE in the Windows system folder. It also drops a file, PWMGR.EXE, which is detected by Trend Micro as WORM_RBOT.BMR, in the same folder.

It propagates via MSN Messenger by sending an instant message to all online MSN Messenger contacts of an affected user. The message encourages the recipient to click a link, which is suspected to download a copy of the worm. However, as of this writing, the link is inaccessible.

The message is as follows:

lmao you dumbass!
http://freebu{BLOCKED}yicons.thinki.co.uk/pics.php?user={email address of the sender}

The link spoofs the sender's email address.

Below is a screenshot of the message:

This worm also searches for the ICQ shared files folder, where it drops copies of itself using a list of file names.
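
The MSN Messenger behavior described above (one sender, many contacts, a link whose query string carries the sender's own email address) can be turned into a log-based detection. The following is an added example, not part of the original write-up or Trend Micro's detection logic; the log record layout, the function names, the threshold, and the `example.test` addresses and hosts are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample IM log records (sender, recipient, text); not real traffic.
SAMPLE_LOG = [
    ("alice@example.test", "bob@example.test",
     "lmao you dumbass! http://host.example.test/pics.php?user=alice@example.test"),
    ("alice@example.test", "carol@example.test",
     "lmao you dumbass! http://host.example.test/pics.php?user=alice%40example.test"),
    ("alice@example.test", "dave@example.test",
     "lmao you dumbass! http://host.example.test/pics.php?user=Alice@Example.test"),
    ("bob@example.test", "alice@example.test",
     "docs are at http://intranet.example.test/wiki?page=home"),
    ("carol@example.test", "bob@example.test",
     "reset here http://host.example.test/r?user=bob@example.test"),
]

def sender_tagged_links(sender, text):
    """Return URLs in text whose query string carries the sender's own address."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,)")  # drop trailing sentence punctuation
        # parse_qsl percent-decodes values, so %40 and @ compare equal.
        values = [v.strip().lower() for _, v in parse_qsl(urlsplit(url).query)]
        if sender.lower() in values:
            hits.append(url)
    return hits

def suspected_senders(log, min_recipients=3):
    """Senders who pushed a self-tagged link on one host/path to many contacts."""
    fanout = defaultdict(set)  # (sender, host, path) -> distinct recipients
    for sender, recipient, text in log:
        for url in sender_tagged_links(sender, text):
            parts = urlsplit(url)
            key = (sender.lower(), parts.hostname, parts.path)
            fanout[key].add(recipient.lower())
    return {key: sorted(rcpts) for key, rcpts in fanout.items()
            if len(rcpts) >= min_recipients}

if __name__ == "__main__":
    for (sender, host, path), rcpts in suspected_senders(SAMPLE_LOG).items():
        print(f"{sender} sent self-tagged link {host}{path} to {len(rcpts)} contacts")
```

A flagged sender is a candidate for host triage, starting with a check of the Windows system folder for MSNADP32.EXE and PWMGR.EXE.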


Description created: May. 21, 2005 4:35:37 AM GMT -0800
