Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This worm arrives as attachment to email messages spammed by another malware or a malicious user. It may also be downloaded from remote site(s) by other malware.
It drops files on the affected system, including a copy of itself. It also makes multiple changes to the Windows registry; one of these allows it to run at every system startup.
It uses its own Simple Mail Transfer Protocol (SMTP) engine to send email messages with a copy of itself as attachment. It gathers addresses from the user's Windows Address Book (WAB), as well as generates addresses based on certain rules.
It also drops copies of itself in folders that are normally shared by certain peer-to-peer applications.
This worm drops a copy of itself in all physical and removable drives. It also drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
It drops and executes a file detected by Trend Micro as BKDR_SDBOT.QB. As a result, malicious routines of the related malware are exhibited on the affected system.
Moreover, it connects to a certain Web site to download possibly malicious files.
For additional information about this threat, see:
Solution
Technical Details
Description created: Dec. 3, 2008 1:50:05 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
