Worm.Win32.Zindos.a

tag:Internet Worms

0 0

This worm spreads via the Internet using machines infected by I-Worm.Mydoom.m and penetrates victim machines via the backdoor installed by Mydoom.m

It is also programmed to conduct a DoS attack on www.microsoft.com.

The worm is approximately 5760 bytes in size and packed using UPX.

Installation

When launched, the worm copies itself under a random name to the system's temporary directory. It registers this file in the system registry, thus ensuring the worm file will be launched each time Windows is started.

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
  "Tray"=worm file name

The worm randomly generates an IP address and will attempt to connect to this address via TCP port 1034 (the port opened by Mydoom.m). If a connection is established, the worm will send itself to the victim machine.

DoS attack

The worm sends multiple URLDownloadToCacheFile requests to the Microsoft corporate site.

previous:Worm.Win32.Zaurga.a
previous:Worm.SymbOS.Cabir.k

Virus Source from:

New articles

Net-Worm.Win32.Kido.irThe kido worm family creates files autorun.inf and RECYCLED{SID<....>}RANDOM_NAME.vmx on removable drives (sometimes on public network shares) Net-Worm...MS10-061MS10-061 is not categorized as virus, worm, Trojan or backdoor. It is a critical vulnerability in the Windows Print Spooler service on Wind...MS10-062MS10-062 is not categorized as virus, worm, Trojan or backdoor. It is a critical vulnerability in MPEG-4 codec on Windows 2008/vISTA/2003/XP computers, wh...MS10-063MS10-063 is not categorized as virus, worm, Trojan or backdoor. It is a critical vulnerability in the Unicode Script Processor on Windows 2...Autorun.AOLAdditionally, it has backdoor characteristics, as it attempts to connect to an IRC channel in order to receive instructions from its creator, such as downloadin...

Hot Articles

Worm.Win32.Zindos.a

Computer Virus Clounds