Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution c
hannels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
|
Minimum DAT
5376 (2008-09-03) Updated DAT5377 (2008-09-04) |
Minimum Engine
5.2.00 File LengthN/A |
Description Added
2008-09-03 Description Modified2008-09-22 |
Malware Proliferation
Characteristics
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.theregister.co.uk/2008/09/22/cash_pyre_malware_lure/
--
The malware, often called MY.YOUTUBE.MOVIE.AVI.exe, spreads via spammed emails.
Upon execution, the malware attempts to connect with the following remote servers to download further malwares:
- 66.197.211.101
66.29.53.123
74.53.153.93
Symptoms
- the presense of the described file
- the presense of network traffic
Method of Infection
Removal
All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Variants