Description:
Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here. |
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This worm may be dropped by other malware. It may arrive via network shares. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It propagates via the instant messaging application MSN Messenger. Once this worm receives specific commands from a remote user, it enables the instant messaging application MSN Messenger to download a copy of this worm and send an archived copy (.ZIP) to affected users' contacts.
It drops a copy of itself. This worm creates the following registry entry to enable its automatic execution at every system startup.
It creates an IRC script that automatically sends a message to all users who join the IRC server that it connects to.
It opens ports 9103 to connect to an Internet Relay Chat (IRC) server and joins an IRC channel. Once connected, it acts as a backdoor that allows a remote malicious user to issue commands locally on an affected machine.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jan. 22, 2008 12:00:00 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
