![]() This worm adds the following registry entries: Microsoft Driver Setup = "%Windows%\ggdrive32.exe" This worm adds the following registry entries to enable its automatic execution at every system startup: ![]() It adds the following mutexes to ensure that only one of its copies runs at any one time: (Note: %Windows% is the Windows folder, which is usually C:\Windows.) This worm drops the following copies of itself into the affected system: Payload: Compromises system security, Downloads files, Steals information, Terminates processes, Disable the Windows Firewall settings It takes advantage of software vulnerabilities to propagate across networks. This action allows this malware to perform its routines without being deteted by the Windows Firewall. It modifies registry entries to disable the Windows Firewall settings. This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. As of this writing, the said sites are inaccessible. ![]() As a result, malicious routines of the downloaded files are exhibited on the affected system. It executes commands from a remote malicious user, effectively compromising the affected system. It connects to Internet Relay Check (IRC) servers. It does not have information-stealing capabilities. It retrieves information on the operating system version, service pack installed, IP address and local information of the infected machine. It executes commands from a remote user to connect to malicious sites to download files or updates of itself, create processes, kill processes or threads, and scan ports. This worm sends copies of itself to target recipients using the instant-messaging (IM) application, MSN Messenger. Infection Channel: Propagates via instant messaging applications, Propagates via software vulnerabilities
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |