TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_NETWORM.C
Overview
Solution

Malware type: Worm

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 High

Infection Channel 1 : Propagates via network shares

Infection Channel 2 : Propagates via software vulnerabilities

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

WORM_NETWORM.C Behavior Diagram

Malware Overview

This worm may be downloaded from remote Web sites by other malware. It may also be dropped by other malware or arrive via network shares.

When executed, it creates registry entries to enable its automatic execution at every system startup. It searches the network for certain shares, into which it attempts to drop copies of itself.

It also spreads by logging on to target systems using any of the certain passwords. It also attempts to establish a connection to various IP addresses in TCP Port 445. It also propagates by taking advantage of the following vulnerability discovered in certain Microsoft operating systems:

For additional information about this threat, see:
Solution
Technical Details

Description created: Nov. 23, 2008 9:55:32 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.