Virus Encyclopedia

Worm.Win32.Zindos.a

Alert Level: Medium
Discovered: Jul 28 2004
Discoverer and Source: http://www.kaspersky.com/

Malware Behavior and Technical Description

This worm spreads via the Internet using machines infected by I-Worm.Mydoom.m and penetrates victim machines via the backdoor installed by Mydoom.m.

It is also programmed to conduct a DoS attack on www.microsoft.com.

The worm is approximately 5760 bytes in size and packed using UPX.

Installation

When launched, the worm copies itself under a random name to the system's temporary directory. It registers this file in the system registry, thus ensuring the worm file will be launched each time Windows is started.

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
  "Tray"=worm file name

The worm randomly generates an IP address and will attempt to connect to this address via TCP port 1034 (the port opened by Mydoom.m). If a connection is established, the worm will send itself to the victim machine.
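The two indicators described above (a "Tray" Run value pointing into a temporary directory, and one host attempting TCP port 1034 against many different addresses) can be checked with a short script. This is an added example, not part of the original entry; the log layout, the fan-out threshold, the temp directory path and all sample data are assumptions constructed for illustration.

```python
import csv
import io
import ntpath
from collections import defaultdict

MYDOOM_M_PORT = 1034      # backdoor port named in this entry
FANOUT_THRESHOLD = 5      # assumption: distinct targets before a host is flagged

# Constructed sample flow export, one "src,dst,dport" record per line.
SAMPLE_FLOWS = """\
10.0.0.21,198.51.100.7,1034
10.0.0.21,203.0.113.44,1034
10.0.0.21,192.0.2.19,1034
10.0.0.21,198.51.100.201,1034
10.0.0.21,192.0.2.88,1034
10.0.0.21,203.0.113.150,1034
10.0.0.21,198.51.100.7,1034
10.0.0.30,192.0.2.19,1034
10.0.0.30,203.0.113.5,443
"""

# Constructed sample of exported Run key values: (value name, data).
SAMPLE_RUN = [
    ("Tray", r"C:\WINDOWS\TEMP\qzkxw.exe"),
    ("Tray", r"C:\Program Files\Vendor\tray.exe"),
    ("Updater", r"C:\Program Files\Vendor\upd.exe"),
]

def scanning_hosts(flow_csv, port=MYDOOM_M_PORT, threshold=FANOUT_THRESHOLD):
    """Return {src: distinct destination count} for hosts fanning out on port."""
    targets = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) == 3 and row[2].strip() == str(port):
            targets[row[0]].add(row[1])
    return {s: len(d) for s, d in targets.items() if len(d) >= threshold}

def suspicious_run_values(run_values, temp_dirs=(r"C:\WINDOWS\TEMP",)):
    """Return 'Tray' Run values whose target file sits directly in a temp dir."""
    temp = {ntpath.normcase(ntpath.normpath(t)) for t in temp_dirs}
    hits = []
    for name, data in run_values:
        folder = ntpath.dirname(data.strip().strip('"'))
        folder = ntpath.normcase(ntpath.normpath(folder))
        if name.lower() == "tray" and folder in temp:
            hits.append((name, data))
    return hits

if __name__ == "__main__":
    print(scanning_hosts(SAMPLE_FLOWS))
    print(suspicious_run_values(SAMPLE_RUN))
```

The value name "Tray" is also used by legitimate software, which is why the check requires the temp-directory location as well.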

DoS attack

The worm sends multiple URLDownloadToCacheFile requests to the Microsoft corporate site.

Worm.Win32.Zindos.a removal instructions:
