Description:
To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.
Malware Overview
UPDATE (Jul 21, 2005) - Trend Micro has received new samples of this worm that have been found in the wild.
This worm arrives as the file ITUNES.EXE. The file name may look familiar to users because it resembles the name of a popular media player from Apple Computer, so users may be tricked into thinking that this worm is associated with a legitimate product.
It spreads via AOL Instant Messenger (AIM). It sends the following message to all online contacts of an affected user:
this picture never gets old
The message links to a specific URL, from which a certain file is downloaded. This file is believed to be a copy of this worm. However, as of this writing, the URL is unavailable.
This worm has backdoor capabilities. It opens a random TCP port and connects to the Internet Relay Chat (IRC) server xyz.legi0n.net. Once connected, it joins the IRC channel #fate, where it listens for commands from a remote malicious user. It then executes these commands locally on affected machines.
It also downloads and executes other applications, mainly adware programs, on affected machines.
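Because the backdoor uses a random TCP port, network triage for it has to key on the server name and the IRC channel rather than on a port number. The following is an added detection sketch, not Trend Micro's code; the event dictionary layout and the sample events are constructed for illustration, and only the host name and channel come from the description above.

```python
import re

# Indicators taken from the description above.
C2_HOST = "xyz.legi0n.net"
C2_CHANNEL = "#fate"

# IRC line: optional ":prefix", command, parameters (RFC 1459 message shape).
IRC_LINE = re.compile(r"^(?::\S+ )?([A-Za-z]+|\d{3}) ?(.*)$")

def irc_joins(payload):
    """Return channels named in JOIN commands in a reassembled TCP payload."""
    channels = []
    for raw in payload.replace("\r\n", "\n").split("\n"):
        m = IRC_LINE.match(raw.strip())
        if not m or m.group(1).upper() != "JOIN":
            continue
        params = m.group(2).lstrip(":").split(" ")[0]
        # JOIN accepts a comma-separated list; channel names are case-insensitive.
        channels += [c.lower() for c in params.split(",") if c]
    return channels

def triage(events):
    """events: dicts with 'src', 'kind' ('dns' or 'tcp'), and 'qname' or 'payload'
    (assumed layout). Returns {src: sorted reasons} for hosts matching the indicators."""
    hits = {}
    for ev in events:
        if ev["kind"] == "dns":
            if ev["qname"].rstrip(".").lower() == C2_HOST:
                hits.setdefault(ev["src"], set()).add("dns:" + C2_HOST)
        elif ev["kind"] == "tcp":
            if C2_CHANNEL in irc_joins(ev["payload"]):
                hits.setdefault(ev["src"], set()).add("irc-join:" + C2_CHANNEL)
    return {src: sorted(r) for src, r in hits.items()}

# Constructed sample events (not captured traffic); addresses are from RFC 5737.
SAMPLE = [
    {"src": "192.0.2.10", "kind": "dns", "qname": "XYZ.legi0n.net."},
    {"src": "192.0.2.10", "kind": "tcp", "payload": "NICK a1b2\r\nUSER a a a :a\r\nJOIN #Fate\r\n"},
    {"src": "192.0.2.11", "kind": "tcp", "payload": "NICK bob\r\nJOIN #linux,#python\r\n"},
    {"src": "192.0.2.12", "kind": "tcp", "payload": "GET /join?c=#fate HTTP/1.1\r\n\r\n"},
]

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE).items():
        print(host, reasons)
```

The third and fourth sample events show why the JOIN command is parsed instead of searching payloads for the channel string: ordinary IRC use and an unrelated HTTP request containing "#fate" are not flagged.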
Description created: Jul. 14, 2005 12:55:28 PM GMT -0800