WORM_SDBOT.BIH
Overview

Malware type: Worm

Aliases: W32/Sdbot.worm.gen.w (McAfee), W32.Randex (Symantec), Worm/SdBot.97280.57 (Avira), W32/Sdbot-Fam (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential: High

Distribution potential: High

Description: 

Upon execution, this memory-resident worm drops a copy of itself in the Windows system folder as the file DLLPT.EXE.

It also drops and executes the file SYSTEM.EXE in the system root folder. This file is detected by Trend Micro as BKDR_HACDEF.AF. It then creates registry entries to ensure its automatic execution at every system startup.

This worm propagates across networks by dropping a copy of itself into accessible network shares. It logs on to a system using a very long list of user names and weak passwords.

It has backdoor capabilities. It connects to an Internet Relay Chat (IRC) server and joins a specific channel where it listens for commands from a remote malicious user.

This worm drops the file B.BAT in the system root folder, which is capable of modifying the Windows HOSTS file. This file is detected by Trend Micro as BAT_SDBOT.G. The dropped file modifies the HOSTS file of the affected system so that the user is redirected to a specific site whenever he or she accesses any of certain Web sites.
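The HOSTS tampering described above leaves a simple artifact: real hostnames mapped to a routable address. The following is an added example (not Trend Micro's code) that parses a HOSTS file and flags such entries; the sample file, the 192.0.2.10 address and the example-bank/example-av names are all constructed for illustration.

```python
import ipaddress

# Constructed sample of a HOSTS file after the kind of edit B.BAT performs:
# benign loopback lines plus entries that send real hostnames to one address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost   # IPv6 loopback
192.0.2.10      www.example-bank.com example-bank.com
192.0.2.10      update.example-av.com  # constructed: update domain hijacked
0.0.0.0         ads.example.net
"""


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each non-comment HOSTS line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # no hostname: not an address-to-name mapping
        yield n, parts[0], parts[1:]


def audit_hosts(text, allowed_hosts=("localhost",)):
    """Return suspicious entries as (line_no, address, hostname, reason).

    Loopback and the unspecified address (0.0.0.0, a common ad-blocking
    idiom) are treated as benign; anything routable is reported, since a
    HOSTS entry pointing a real name at a routable IP silently overrides DNS.
    """
    findings = []
    for n, ip, hosts in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((n, ip, " ".join(hosts), "invalid address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        for host in hosts:
            if host.lower() not in allowed_hosts:
                findings.append((n, ip, host, "redirected to routable address"))
    return findings


if __name__ == "__main__":
    for line_no, ip, host, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} ({reason})")
```

On a live system, point the function at the contents of %SystemRoot%\system32\drivers\etc\hosts and extend allowed_hosts with any internal names the site legitimately pins there.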

It steals CD keys and product codes of certain game applications.

This worm also has keylogging capabilities. It logs the user's keystrokes and running processes. It creates the file LPTDLL.DLL, where it saves all logged information, in the Windows system folder.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 16, 2005 4:39:32 AM GMT -0800
Description updated: Jun. 16, 2005 4:39:51 AM GMT -0800
