I-Worm.Potar. Viruses Information
Name: I-Worm.Potar.
Category: Viruses
Description:
Details
I-Worm.Potar.a
Potar is a worm virus spreading via the Internet as an attachment to infected emails.
The worm itself is a Windows PE EXE file approx. 202KB in length when compressed by UPX, the decompressed size is approx. 500KB; it is written in Delphi.
Infected email messages have the following attributes:
From: mariya@mail.ru
Subject: Masha
Body (transliterated Russian):
Privet!!! Izvini chto tak dolgo ne pisala. Poteryala tvoy adres. No Irina dala mne ego. Vot Fotka, kotoru ti prosil. Gdu otveta. Tvoya Masha
(In English: "Hi!!! Sorry I haven't written for so long. I lost your address, but Irina gave it to me. Here is the photo you asked for. Waiting for your reply. Your Masha")
Attachment: PhotoRar.exe
The worm is activated from an infected email only when the user opens the attached file. Once run, the worm installs itself on the system and starts its spreading routine.
Installing
While installing, the worm copies itself to the Windows directory under the name "PhotoRar.exe" and registers this file in the system registry auto-run key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Kernell32Dll = %windir%\PhotoRar.exe
The worm then displays an error message.
The 'Potar' worm also creates the file "supafly.dat" in the Windows directory and writes the following text (transliterated Russian) to it:
Salam vsem IZ AFRIKI. OSOBENNIY PRIVET GREEN13 v Bishkeke !!!
(In English: "Greetings to everyone FROM AFRICA. A SPECIAL HELLO TO GREEN13 in Bishkek !!!")
Spreading
To send out infected messages the worm uses the default SMTP server.
To collect victim email addresses, the 'Potar' worm downloads Web pages from seven different forums located at:
http://forum.rol.ru (three forums are downloaded here)
http://www.studio.by (one forum is downloaded here)
http://diesel.elcat.kg (three forums are downloaded here)
The 'Potar' worm extracts email addresses from the downloaded pages.
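As an added triage example that is not part of the original description: the following Python checks data a responder would already have exported (a constructed autorun listing and parsed mail headers) against the installation and mail indicators listed above. The "key | name = data" line format of the autorun listing is an assumption of this example, not any particular tool's output.

```python
import re

# Indicators taken from the write-up above; comparisons are case-insensitive
# because Windows registry value names and file names are case-insensitive.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "Kernell32Dll"   # note the double "l": not the real kernel32.dll
DROPPED_FILE = "PhotoRar.exe"     # copied to %windir% and also used as the attachment name
MAIL_SENDER = "mariya@mail.ru"
MAIL_SUBJECT = "Masha"

# Constructed autorun export in a simple "key | name = data" line format
# (an assumption of this example). The second line is the worm's entry.
SAMPLE_AUTORUNS = [
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run | SecurityHealth = C:\Windows\system32\SecurityHealthSystray.exe",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Kernell32Dll = C:\WINDOWS\PhotoRar.exe",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run | OneDrive = C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
]


def autorun_hits(lines):
    """Return autorun lines matching the worm's Run-key registration: either the
    value name Kernell32Dll under the HKLM Run key, or any HKLM Run value whose
    data ends in PhotoRar.exe. Lines not in "key | name = data" form are skipped."""
    hits = []
    for line in lines:
        m = re.match(r"\s*(.+?)\s*\|\s*(.+?)\s*=\s*(.+?)\s*$", line)
        if not m:
            continue
        key, name, data = m.groups()
        if key.lower() != RUN_KEY.lower():
            continue
        if name.lower() == RUN_VALUE_NAME.lower() or data.lower().endswith(DROPPED_FILE.lower()):
            hits.append(line.strip())
    return hits


def mail_indicator_count(headers):
    """Count how many of the three message attributes from the write-up a mail
    matches (sender, subject, attachment name). 3 is a strong match; 1 on its
    own, e.g. only the attachment name, may be a coincidence and needs a look."""
    h = {k.lower(): v for k, v in headers.items()}
    score = 0
    if h.get("from", "").strip().lower() == MAIL_SENDER.lower():
        score += 1
    if h.get("subject", "").strip().lower() == MAIL_SUBJECT.lower():
        score += 1
    if DROPPED_FILE.lower() in (a.lower() for a in h.get("attachments", [])):
        score += 1
    return score
```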