WORM_SOHANAD.BO
Overview

Malware type: Worm

Aliases: IM-Worm.Win32.Sohanad.t (Kaspersky), W32.Imaut (Symantec), W32/Sohanad.R (Avira), W32/Sohana-R (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: Medium

Distribution potential: Medium

Infection Channel 1: Propagates via instant messaging applications


Description: 

This worm drops files/components. It then creates and modifies registry entries to ensure automatic execution at every system startup.

This worm propagates via Yahoo! Messenger by sending an instant message to all contacts of the target user. The message contains a link to a remote copy of the worm. When a recipient clicks the link, the copy is executed on the recipient's system.

It opens random TCP ports, where it listens for remote commands from a malicious user. It executes these commands locally on the affected system, compromising the system's security.

It displays the following message box:

[Image: message box displayed by WORM_SOHANAD.BO]


Description created: Jun. 13, 2007 11:59:22 AM GMT -0800
