Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
Worm.Win32.Busa Viruses Information

Name: Worm.Win32.Busa
Category: Viruses
Description: Details
Worm.Win32.Busan
The Busan worm spreads through networks by copying itself to all accessible network resources. The worm is a Windows application (PE EXE-file) that is compressed with UPX and has a size 14KB. Its code is written in the C ++ programming language.
When run the worm sends out a message via ICQ to UIN the author, and then proceeds to copy itself to the Windows directory under the name files32.sys. The Busan worm also copies to the Windows directory a file named mh32.dll which is a keyboard 'interceptor'. Then the worm tries to copy itself under the name auto.exe to the following directories:
C:WINDOWSAll UsersStart MenuProgram FilesStartUp C:WINDOWSAll Users?' ?-R? ?-Ï?ÁR?Á Ì??×R ?ÁÇ?
Because of a mistake in its code it fails to successfully copy itself to the above directories. Busan then probes IP-addresses and copies itself to all accessible network resources.
Next the worm registers itself in the system registry key:
[HKEY_CLASSES_ROOTexefileshellopencommand]
@="files32.sys "%1" %*"

This entry causes the worm to be run anew each time any EXE-file is opened.
While running the worm collects all accessible names and passwords to the mail boxes registered in the system and stores them in the C:WINDOWSlmhost.log file. After this is done Busan tries to send this file to the malefactor (worm's master). The same file contains a complete record of keyboard strokes recorded by the keyboard interceptor represented by the file mh32.dll.
The Busan worm tries to download a file named worm31.bmp from an Internet web-site but cannot as the page has since been removed.



Top Viruses Visited Pages:
Invader. - 241 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 67 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Yang.252
Cracky.546.
Ukraine Famil
Caterpillar.
Backdoor.Farna
Pottie.24
I-Worm.Sobig.
BAT.CopyTo
I-Worm.Bagle.a
Macro.Word.Ord


 

© 2006-2008 spyware32.com - Privacy Policy