Description:
This network worm belongs to the WORM_OPASERV.GEN family. It differs from other variants in the name of the mutex that it creates, the names of the files that it drops, and its autostart entry in the registry. Like the other variants, it creates all of these items; only their names differ.
It uses the Share Level Password vulnerability on Windows systems to propagate via network-shared C:\ drives. The vulnerability allows a remote user to access a Windows 9x/ME shared file without having to know the entire password assigned to that share. More information on this vulnerability and the necessary security patch is available at:
http://www.microsoft.com/technet/security/bulletin/MS00-072.asp.
It also attempts to download what appear to be updated copies of itself from a certain site. At the time of writing, the download site is not accessible and is either blocked or currently down.
This malware also steals information from the target system, encrypts it, and saves it in its log files.
It arrives compressed with PEPACK 1.0 and encrypted with YodaCrypt 1.2. It runs on Windows 95, 98 and ME.
Description created: Dec. 27, 2003 10:40:11 AM GMT -0800