WORM_SDBOT.J
Overview

Malware type: Worm

Aliases: Backdoor.Win32.SdBot.gen (Kaspersky), W32/Sdbot.worm.gen (McAfee), W32.Randex.gen (Symantec), Worm/SdBot.45568 (Avira), W32/Sdbot-IQ (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP, 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This memory-resident worm drops a copy of itself under any one of three file names: MSGFIX.EXE, AAUPDT.EXE, or WUPDA32.EXE. It then creates several threads, mostly for its propagation routine. It scans the network for weak user names and passwords to force its way into a system.

It has backdoor capabilities. It initiates an IRC (Internet Relay Chat) bot that connects to remote IRC servers and listens for outside connections. It then executes commands from the remote malicious user, leaving the affected system compromised.

It gathers cached passwords on Windows 9x systems. It likewise gathers the CD keys of popular game applications.

It runs on Windows 95, 98, ME, NT, 2000, XP, and 2003.


Description created: Jun. 16, 2004 6:17:49 AM GMT -0800
Description updated: Jun. 16, 2004 6:18:46 AM GMT -0800
