W32/Eyeveg-F is a worm for the Windows platform with backdoor capabilities.
W32/Eyeveg-F will send itself to email addresses found on the infected computer as a ZIP file. The executable in the ZIP file will have one of the following names:
Details.doc .scr
Girls.jpg .scr
Image.jpg .scr
Love.jpg .scr
Message.txt .scr
Music.mp3 .scr
News.doc .scr
Photo.jpg .scr
Pic.jpg .scr
Resume.doc .scr
Screensaver .scr
Song.wav .scr
Video.avi .scr
The ZIP file's name and the email subject will be the same as the name chosen from the list above, without an extension.
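A mail-gateway style check for the attachment naming pattern described above, as an added example that is not part of the original description. The function names, the reason strings and the decoy/executable extension sets beyond those listed on this page are assumptions, and the sample archives are constructed in memory.

```python
import io
import re
import zipfile

# Lure stems listed on this page (lower-cased); ".scr" is the real extension.
LURE_STEMS = {"details", "girls", "image", "love", "message", "music", "news",
              "photo", "pic", "resume", "screensaver", "song", "video"}
# Decoy extension, optional whitespace padding, then an executable extension.
# Extensions other than those on the page are an assumption, for generality.
DOUBLE_EXT = re.compile(
    r"\.(docx?|jpe?g|txt|mp3|wav|avi|pdf|gif)\s*\.(scr|exe|pif|com)$", re.I)
EXEC_EXT = re.compile(r"\.(scr|exe|pif|com)$", re.I)


def inspect_zip_attachment(zip_name, zip_bytes, subject=""):
    """Return the reasons (possibly none) an attachment matches the lure pattern."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["unreadable-zip"]
    reasons = []
    zip_stem = zip_name.rsplit(".", 1)[0].strip().lower()
    with archive:
        for member in archive.namelist():
            base = member.replace("\\", "/").rsplit("/", 1)[-1].strip()
            if not EXEC_EXT.search(base):
                continue  # only executable members are of interest
            reasons.append(f"executable-in-zip:{base}")
            if DOUBLE_EXT.search(base):
                reasons.append("decoy-double-extension")
            member_stem = base.split(".", 1)[0].strip().lower()
            if member_stem in LURE_STEMS:
                reasons.append("known-lure-name")
            if member_stem == zip_stem == subject.strip().lower():
                reasons.append("zip-name-and-subject-match-member")
    return reasons


def make_sample_zip(member_name, payload=b"constructed sample, not malware"):
    """Build an in-memory ZIP holding one member (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: one shaped like the lure, one benign.
    lure = make_sample_zip("Resume.doc      .scr")
    print(inspect_zip_attachment("Resume.zip", lure, "Resume"))
    print(inspect_zip_attachment("report.zip", make_sample_zip("report.pdf"), "Q3 report"))
```

The whitespace between the decoy extension and ".scr" is matched at any width, so the check does not depend on how much padding a given sample uses.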
W32/Eyeveg-F will also attempt to contact a predefined URL in order to get commands. The tasks that the worm can be instructed to perform are:
Keylogging
Monitoring web traffic
Sending email
Stealing passwords from the infected computer
W32/Eyeveg-F will avoid sending email to addresses containing the following strings:
abuse
admin
hostmaster
localdomain
localhost
mcafee
messagelab
microsoft
noreply
postmaster
recipients
reports
root
spam
symantec
webmaster
W32/Eyeveg-F will copy itself to the Windows system folder with a random name. W32/Eyeveg-F will then create the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<random>
<random>.exe