|
|
I-Worm.Lee-SaltLak Viruses Information
| Name: |
I-Worm.Lee-SaltLak |
| Category: |
Viruses |
| Description:
|
Details
I-Worm.Lee-SaltLake
This is a simple worm that replicates through e-mail messages and IRC channels.
The worm arrives in an infected message with an attached VBS file, which is actually the worm's body. Infected messages have the following properties:
Subject: You get off the ice and respect the referees decision
Message body: Do you agree with the judge''s decision to disqualify a Korean skater and award Apolo Ohno the gold medal Wednesday night?
Attachment name: SALTLAKE.jpg.vbs
When the worm is launched (when the is worm clicked in an infected file), it copies itself to the Windows system directory with the "SALTLAKE.jpg.vbs" name and registers this file in the registry autorun key.
Then the worm finds the directory where the mIRC client is installed and creates there a "SCRIPT.INI" file. The worm writes in its commands that send the worm's body to each computer that connects to IRC channels, to which an infected computer is connected.
After creating the "SCRIPT.INI" file, the worm writes an infection mark to the system registry. This mark prevents the worm from writing to the "SCRIPT.INI" file again.
This worm was created using the worm constructor "Vbs Worms Generator", which was written by the hacker with the pseudonym [K]alamar. This constructor was also used to create the "Anna Kournikova", "Antrax" and other worms. |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Macro.Word.Shuffl
Sylvia Famil
Tibet.142
Backdoor.Phase.1
Brothers.204
Email-Worm.Win32.Antiman.
Attack.358
Devastator.30
I-Worm.Gigge
Mefl.62
|
|
