thedark
Second Lieutenant
Joined: 30 Jul 2005
Posts: 1074
|
 Posted: Sat Jul 30, 2005 2:39 pm Post subject: Net-Worm.Win32.Mytob.be |
 |
|
This network worm infects computers running under Windows and spreads via a vulnerability in MS Windows LSASS.
It also spreads via the Internet as an attachment to infected messages. It sends itself to email addresses harvested from the victim computer.
It is almost identical to a previous variant in this family, Net-Worm.Win32.Mytob.h
However, it differs in the following insignificant ways:
This variant is approximately 50KB in size, packed using Pacman + PEncypt. The unpacked file is approximately 100KB in size.
The worm copies itself to the system directory as beta.exe
It then registers this file in the following registry keys:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WINDOWS SYSTEM" = "beta.exe"
It contains the following text string:
"[x] starting HellBot::v3 beta2" |
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
