W32/Mytob-C

Categoría:	Virus y programas espía	Protección disponible desde:	11 jul 2006 00:00:00 (GMT)
Tipo:	Win32 executable file virus	Última actualización:	27 ene 2009 18:14:50 (GMT)
Predominio:

Descargue nuestra herramienta gratuita para la eliminación de virus - Encuentre las amenazas no detectadas por su antivirus

W32/Mytob-C is a mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.

When first run the worm copies itself to the Windows system folder as wfdmgr.exe and creates the following registry entries so as to auto-start:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LSA
wfdmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LSA
wfdmgr.exe

HKLM\Software\Microsoft\OLE
LSA
wfdmgr.exe

HKLM\System\CurrentControlSet\Control\Lsa
LSA
wfdmgr.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
LSA
wfdmgr.exe

HKCU\Software\Microsoft\OLE
LSA
wfdmgr.exe

HKCU\System\CurrentControlSet\Control\Lsa
LSA
wfdmgr.exe

The worm will attempt to harvest email addresses from the local hard disk by scanning files with extensions WAB, PL, ADB, TBB, DBX, ASP, PHP, SHTL and HTM.

Emails sent by W32/Mytob-C have the following layout:

Subject line chosen from:

Error

Status

Server Report

Mail Transaction Failed

Mail Delivery System

hello

hi

Message text chosen from:

This is a multi-part message in MIME format.

Mail transaction failed. Partial message is available.

The message contains Unicode characters and has been sent as a binary attachment.

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

Attached filename chosen from the following with an extension chosen from (bat cmd exe scr pif zip):

message
test
data
file
text
doc
readme
document

descargar Pruebe los productos de Sophos totalmente gratis
Descargue una evaluación gratuita

W32/Mytob-C

Free Mac Anti-Virus

Temas populares