Win32/Nuwar.M

Typ infiltr??cie: červ
VeĞkos??: 17 559 B
Zasiahnut?� platformy: Microsoft Windows
Kr??tky popis: Win32/Nuwar.M je červ, ktor?? sa ???�ri elektronickou po??tou.

In??tal??cia

Po spusten?� sa červ skop?�ruje do priečinku %system% s jedn??m z nasleduj??cich mien:

alsys.exe
ppl.exe

Zap?�??e i ďal???� spustiteĞn?? s??bor s n??hodn??m menom. VeĞkos?? tohto s??boru je 6295 B. Sp??????anie pri ka?�dom ??tarte syst?�mu zabezpeč?� pridan?�m nasleduj??cich polo?�iek do datab??zy Registry : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Agent

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Agent

Do polo?�iek červ ulo?�?� cestu k svojmu spustiteĞn?�mu s??boru.

?�?�renie elektronickou po??tou

Adresy elektronickej po??ty na ďal??ie ???�renie hĞad?? v lok??lnych s??boroch, ktor?� maj?? jednu z nasleduj??cich pr?�pon:

.hta
.htm
.txt

Pou?�ije i adresy z Adres??ra syst?�mu Windows. Ignoruje adresy, ktor?� obsahuj?? niektor?? z nasleduj??cich re??azcov:

.gov
.mil
microsoft

Niektor?� z nasleduj??cich re??azcov mo?�u by?? čas??ou adresy odosieĞateĞa:

Aldora
Alysia
Amorita
Anita
April
Ara
Aretina
Barbra
Becky
Bella
Bettina
Blenda
Briana
Bridget
Caitlin
Camille
Cara
Carla
Carmen
Clarissa
Damita
Danielle
Daria
Diana
Donna
Dora
Doris
Ebony
Eden
Eliza
Emily
Erika
Eve
Evelyn
Faith
Gale
Gilda
Gloria
Haley
Helga
Holly
Chelsea
Ida
Idona
Iris
Isabel
Ivana
Ivory
Janet
Jewel
Joanna
Julie
Juliet
Kacey
Kali
Kara
Kassia
Katrina
Kyle
Lara
Laura
Linda
Lisa
Lolita
Lynn
Maia
Mary
Melody
Mimi
Myra
Nadia
Naomi
Natalie
Nicole
Nina
Nora
Nova
Olga
Olivia
Pamela
Peggy
Queen
Rae
Rachel
Rita
Rosa
Ruby
Sharon
Silver
Ula
Uma
Valda
Valora
Vanessa
Vicky
Violet
Vivian
Wendy
Willa
Xandra
Xenia
Xylia
Zenia
Zilya
Zoe

Spr??va m?? nasleduj??ci predmet:

Happy New Year!

Telo spr??vy je pr??zdne. Pr?�lohou je spustiteĞn?? s??bor s červom. M?? nasleduj??ce meno:

postcard.exe

In?� inform??cie

Ukončuje nasleduj??ce procesy:

anti
avg
avp
blackice
f-pro
firewall
hijack
lockdown
mcafee
msconfig
nav
nod32
rav
reged
spybot
taskmgr
troja
viru
vsmon
zonea

�?erv sa sna?�?� stiahnu?? niekoĞko s??borov z Internetu. S??bory potom spust?�.

This entry was posted on Utorok, Január 2nd, 2007 at 5:47 pm and is filed under Encyklop?�dia, Worm. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.