|
Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This worm may be downloaded from the Internet. Upon execution, it drops a copy of itself. It displays a message box to trick users into thinking that it did not execute properly. It accesses the Google Web site to check for an Internet connection.
It creates a registry entry to enable its automatic execution at every system startup. It also drops non-malicious files.
This worm checks if the user has visited the social networking Web site Facebook by searching for cookies with a certain string. If it finds the said string, it adds links to the affected user's profile that points to a copy of this worm. It deletes itself if no cookies that refer to Facebook are found.
It connects to a certain Web site to send and receive information.
For additional information about this threat, see:
Solution
Technical Details
Description created: Aug. 13, 2008 7:11:33 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
