|
Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This worm may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, it searches for cookies created by social networking Web sites. It then makes a DNS query to check IP addresses that corresponds to remote domains. The said servers can send and receive information about the affected machine. Once connected to the said servers, the remote malicious user may perform certain commands on the affected machine.
Once cookies related to the monitored social networking Web sites are located, it connects to these Web sites using the user login session stored in the cookies. It then navigates through pages to search for the user's friends. If a friend has been located, it sends an HTTP POST request to the server. As a reply, the server sends data which is actually the message to be sent to user's contacts. It then composes a new message containing the data from the server and sends it to the user's friend. The new message contains a link where a copy of this worm can be downloaded.
For additional information about this threat, see:
Solution
Technical Details
Description created: Feb. 28, 2009 4:02:07 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
