|
|
IRC-Worm.Tetri Viruses Information
| Name: |
IRC-Worm.Tetri |
| Category: |
Viruses |
| Description:
|
Details
IRC-Worm.Tetris
This is an IRC worm that spreads via IRC channels. The worm itself is a Win32 application about 70Kb in size. It has two main routines: infection and game, both of which are activated upon infected-program running. The first one infects a computer so that it will spread the worm copies further to IRC chats; the second one displays a "Tetris" game that is used to mask the worm's activity: this routine emulates real and complete "Tetris"-like game.
To spread itself, the worm looks for an mIRC client in four directories:
C:Mirc
C:Program Filesmirc
D:mirc D:Program Filesmirc
If one is found, the worm creates additional files:
C:Windowsscript.bak - mIRC script program
C:backup.vbs - VBS program that later will complete installation
C:Windowssystem.exe - copy of worm EXE file
The "C:backup.vbs" is then registered in the auto-run registry key as:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun
SysFile = C:Backup.vbs
As a result, it is run each time the system starts up, and then copies files:
C:Windowsscript.bak to mIRC directory with "script.ini" name
C:Windowssystem.exe to C:tetris.exe
The "script.ini" file is a short mIRC program that sends C:tetris.exe file to everybody who enters infected channel. |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 72 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
I-Worm.Sant
RedCode.151
Win32.Drille
Backdoor.Antilam.ge
I-Worm.Nave
Viva.74
Sayha.400
WhatsAll.56
Win32.HLLO.Harrier.1821
FartStorm.379
|
|
