JS/Spth

This page shows details and results of our analysis of the malware JS/Spth.

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.


Minimum DAT: 4244 (2003-01-22)
Updated DAT: 5579 (2009-04-09)
Minimum Engine: 5.1.00
File Length: Varies
Description Added: 2003-01-16
Description Modified: 2003-01-16

Malware Proliferation

Characteristics

JS/Spth is a JavaScript worm that is able to spread on the Internet using email, ICQ, and P2P networks. Many different variants exist because the worm is generated by a kit, available in different versions, that produces highly customized worms. The kit is detected as Kit-Spth.

The worm does not carry any payload but, being JavaScript, it's easy to modify the generated worm and add destructive capabilities.

Symptoms

Method of Infection

The kit used to generate this class of worms is customizable so that each infection method can be independently embedded in the worm code. The infection methods provided in the latest version of the generator include:

  • Ms-OutLook: Mass mail itself to Outlook address book recipients.
  • mIrc: Send itself to other IRC users, via mIRC.
  • pIrc: Send itself to other IRC users, via pIrc.
  • vIrc: Send itself to other IRC users, via vIrc.
  • Kazaa: Copy itself in the Kazaa shared folder.
  • Kazaa-Lite: Copy itself in the Kazaa-Lite shared folder.
  • Morpheus: Copy itself in the Morpheus shared folder.
  • Grokster: Copy itself in the Grokster shared folder.
  • Bear Share: Copy itself in the Bear Share shared folder.
  • symLink: Generate a .lnk shortcut to itself in all path folders.

The worm copies itself to the German autostart folder Windows\Startmenu\Programme\AutoStart and to the English autostart folder Windows\Startmenu\Programs\StartUp, and modifies the win.ini and system.ini files so that it is executed at startup.
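The following triage check is an added example, not code from this description or from the vendor. It scans win.ini and system.ini content for startup entries that point at script files. The key names (load=, run=, shell=) are the standard Windows INI autostart keys and are an assumption here, since the description names only the files; the sample INI content is constructed.

```python
import re

# Assumption: standard Windows INI autostart keys. The description above names
# only the two files, not the keys the worm writes.
AUTOSTART_KEYS = {
    "win.ini": {("windows", "load"), ("windows", "run")},
    "system.ini": {("boot", "shell")},
}
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf|wsh)\b", re.IGNORECASE)

def autostart_values(ini_name, text):
    """Yield (section, key, value) for the autostart keys found in INI text."""
    wanted = AUTOSTART_KEYS[ini_name.lower()]
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            if (section, key.strip().lower()) in wanted:
                yield section, key.strip().lower(), value.strip()

def suspicious_entries(ini_name, text):
    """Return autostart entries whose value references a script file."""
    hits = []
    for section, key, value in autostart_values(ini_name, text):
        # load=/run= accept several programs separated by spaces or commas
        for item in re.split(r"[,\s]+", value):
            if SCRIPT_EXT.search(item):
                hits.append((ini_name, section, key, item))
    return hits

# Constructed sample content, not taken from a real infection.
SAMPLE_WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\sample_worm.js
"""
SAMPLE_SYSTEM_INI = """[boot]
shell=Explorer.exe
"""

if __name__ == "__main__":
    for name, text in (("win.ini", SAMPLE_WIN_INI), ("system.ini", SAMPLE_SYSTEM_INI)):
        print(name, suspicious_entries(name, text))
```

A hit is a lead for review rather than a verdict; entries in the autostart folders listed above need a separate directory check.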

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants