Sophos

W32/Nanpy-I

Aliases:
  • Trojan-Spy.Win32.Banker.acs

Summary

Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Protection available since: 6 October 2005 20:33:12 (GMT)
Detected by: All Sophos products

More Information

W32/Nanpy-I is a worm for the Windows platform. It may spread to vulnerable computers via the RPC-DCOM exploit and attempt to redirect access to various banking websites.

The following patches for the operating system vulnerabilities exploited by W32/Nanpy-I can be obtained from the Microsoft website:

MS04-012

When first run, W32/Nanpy-I copies itself to <System>\kkm.exe.

The following registry entries are created to run kkm.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KKM Service
<System>\kkm.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
KKM Service
<System>\kkm.exe

The worm attempts to download and run an executable file from a remote URL.

W32/Nanpy-I may modify the HOSTS file, mapping the hostnames of banking websites to a remote IP address. At the time of writing, this IP address is not functional. Entries are added for a long list of banking website hostnames.
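As an added example (not Sophos code), the check a defender would run on a suspect machine's HOSTS file after this worm: it parses the file and flags any watched banking hostname mapped to a non-loopback address, and it generalises the advisory's case to subdomains of a watched name and to IPv6 mappings. The watchlist is a constructed subset of the hostnames the advisory names; the HOSTS text and the 192.0.2.10 address are constructed sample data.

```python
"""Detect HOSTS-file redirection of banking hostnames (added example)."""
import ipaddress

# Constructed watchlist: a few of the hostnames the advisory names.
# On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
WATCHLIST = {"lloydstsb.co.uk", "www.barclays.co.uk",
             "www.hsbc.co.uk", "banking.postbank.de"}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, not a mapping
        for name in fields[1:]:
            yield ip, name.lower(), line_no


def find_redirections(text, watchlist=WATCHLIST):
    """Return (line_no, hostname, ip) for watched names mapped off loopback.

    A benign HOSTS file maps names only to 127.0.0.1 or ::1, so any other
    address for a bank hostname (or a subdomain of one) is the indicator.
    """
    hits = []
    for ip, name, line_no in parse_hosts(text):
        if ip.is_loopback:
            continue
        if name in watchlist or any(name.endswith("." + w) for w in watchlist):
            hits.append((line_no, name, str(ip)))
    return hits


# Constructed sample HOSTS content resembling the worm's modification.
SAMPLE_HOSTS = """\
# sample HOSTS content (constructed)
127.0.0.1       localhost
192.0.2.10      lloydstsb.co.uk www.barclays.co.uk
192.0.2.10      banking.postbank.de
127.0.0.1       www.hsbc.co.uk
"""

if __name__ == "__main__":
    for line_no, name, ip in find_redirections(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```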
