high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | May 2006 (4.05) |
| Protection available since | 10 February 2006 22:50:05 (GMT) |
| Last updated | 22 March 2006 21:24:28 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Antinny-P is a Peer-to-peer worm for the Windows platform that spreads via file sharing on WinNY networks.
W32/Antinny-P includes functionality to steal confidential information W32/Antinny-P is a Peer-to-peer worm for the Windows platform that spreads via file sharing on WinNY networks.
W32/Antinny-P includes functionality to steal confidential information
-by searching files with the following extensions:
TXT
PDF
DOC
XLS
DBX
PPT
-by saving desktop screenshots into the JPEG files
-by logging IP configurations
W32/Antinny-P packs the stolen information together with a copy of the worm in the <random>@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@.zip file to be shared through the mentioned peer-to-peer file sharing utility.
When first run W32/Antinny-P copies itself to <Windows system folder>\drivers\etc\svchost.exe and to <Windows system folder>\wbem\<random>@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@.exe,
and creates the following files:
<Windows temp folder>\mstemp.exe
<Windows system folder>w32secm.exe
The following registry entry is created to run W32/Antinny-P on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Security Manager
<Windows system folder>\drivers\etc\svchost.exe -c -ax
|
