Worm_onlineg.flu
This worm drops several files, some of which are detected as TROJ_NSANTI.FW.
A dropped .DLL component is then injected as a thread into running processes, particularly EXPLORER.EXE, for it to remain memory-resident. This makes it difficult to terminate. The dropped .DLL component also serves as the information-theft and propagation component.
This worm drops copies of itself in all physical and removable drives. It also drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
This worm monitors the following processes to steal sensitive information, such as user names and passwords, related to certain online games.
This worm accesses a URL to download an updated version of itself. It then executes the downloaded file. As a result, new behaviors of this worm may be exhibited on the affected system. It then adds a registry key and entry to record its latest version.