Sophos

W32/Spybot-CM

Aliases
  • Worm.P2P.SpyBot.gen
  • W32/Spybot.worm.gen.a
  • Win32/SpyBot.WT
  • W32.Spybot.Worm

Summary

 
Protection available since 10 June 2004 13:19:16 (GMT)
Detected by All Sophos products

More Information

W32/Spybot-CM is a peer-to-peer (P2P) worm that spreads via common file
sharing networks.

To run automatically when Windows starts up, the worm copies itself to
the file SPOLSV.EXE in the Windows System32 folder and adds the following
registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Winsock2 driver = SPOLSV.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Winsock2 driver = SPOLSV.EXE

W32/Spybot-CM attempts to spread using the KaZaA peer-to-peer network by
creating a subfolder named kazaabackupfiles in the Windows System folder
and adding the following registry entry:

HKCU\Software\Kazaa\localcontent\
dir0 = C:\<Windows System32>\kazaabackupfiles

This worm will copy itself into this folder using the following filenames:

Anal Sex.exe
Diablo.exe
Hack Hotmail.exe
Hotmail Password Hacker.exe
MSN Messenger 6.exe
Macromedia Director MX Crack.exe
Macromedia DreamWeaver MX Crack.exe
Macromedia Fireworks Crack.exe
Macromedia Flash MX Crack.exe
Macromedia FreeHand MX Crack.exe
Macromedia Studio MX Crack.exe
Mas de mil cracks serials y no cd.exe
Mcfee Antivirus.exe
Norton Antivirus Crack.exe
Sexfree.exe
Sexo con perros, zoofilia.exe
WinSmurf.exe
Windows 2000 Professional.exe
Windows2000 Serial.exe
WindowsXP Serial.exe
ZoneAlarm Pro Crack.exe
download_me.exe
irc Nuker.exe
papasmurf.exe

The worm contains a list of passwords that are used to spread to other
computers on the network.

W32/Spybot-CM also has backdoor functions that can be controlled by a
remote attacker over IRC.
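
A triage check for the registry entries listed above, as an added example that is not Sophos code. It scans the text of a registry export (.reg format, already decoded to a string) for the Run/RunOnce and Kazaa values; the function name and the sample export are constructed for illustration.

```python
import re

# Indicators from the description above:
# (registry key suffix, value name, substring expected in the value data)
INDICATORS = [
    (r"\microsoft\windows\currentversion\run", "winsock2 driver", "spolsv.exe"),
    (r"\microsoft\windows\currentversion\runonce", "winsock2 driver", "spolsv.exe"),
    (r"\software\kazaa\localcontent", "dir0", "kazaabackupfiles"),
]

# A string value line in a .reg export: "name"="data" with backslash escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def find_spybot_cm(reg_text):
    """Return (key, value name, data) for every entry matching an indicator."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header names the current key
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        for suffix, want_name, want_data in INDICATORS:
            if (key.lower().endswith(suffix) and name.lower() == want_name
                    and want_data in data.lower()):
                hits.append((key, name, data))
    return hits


# Constructed sample export: three indicator entries plus one benign value.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Winsock2 driver"="SPOLSV.EXE"
"ExampleApp"="C:\\Program Files\\Example\\app.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsock2 driver"="SPOLSV.EXE"

[HKEY_CURRENT_USER\Software\Kazaa\localcontent]
"dir0"="C:\\WINDOWS\\System32\\kazaabackupfiles"
'''
```

Exports written by regedit are normally UTF-16, so decode the file before passing its text to the function.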
