|
Description:
This worm propagates via network shares by attempting to drop a copy of itself into network shares. The dropped copies use different file names and extensions. It is also capable of dropping a .ZIP compressed copy of itself in the affected machine's floppy drive, which is usually drive A.
Once memory-resident, this worm opens certain ports and tries to establish an Internet connection to enable a remote malicious user to issue certain commands on an affected system. Through its backdoor capability, this worm is able to gather information, which it then sends to the following Web sites:
- http://www26.brinkster.com/{BLOCKED}/Actuafecha.asp
- http://www26.brinkster.com/{BLOCKED}/actua.asp
It also sends the information it gathers to a remote user via email message using its own Simple Mail Transefer Protocol (SMTP) engine.
Furthermore, this worm lowers Internet Explorer's security settings. It also changes the settings for viewing files and folders, such that system files and extensions are hidden.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jul. 7, 2005 7:42:09 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
