high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Included in our products from | July 2005 (3.95) |
| Protection available since | 16 May 2005 11:46:45 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please read the instructions for removing W32/Eyeveg-G.
More Information
W32/Eyeveg-G is a worm for the Windows platform with backdoor capabilities. W32/Eyeveg-G is a worm for the Windows platform with backdoor capabilities.
W32/Eyeveg-G will send itself to email addresses found on the infected computer as a ZIP file. The executable in the ZIP file will have one of the following names:
screensaver .scr
song.wav .scr
music.mp3 .scr
video.avi .scr
photo.jpg .scr
girls.jpg .scr
pic.jpg .scr
message.txt .scr
image.jpg .scr
news.doc .scr
details.doc .scr
resume.doc .scr
love.jpg .scr
readme.txt .scr
The ZIP file's name and the subject will be the same as the name above without an extension.
W32/Eyeveg-G will also attempt to contact a predefined URL in order to get commands. The tasks that the worm can be instructed to do are:
Keylogging
Monitoring web traffic
Sending email
Stealing passwords from an infected computer
W32/Eyeveg-G will avoid sending email to addresses containing the following strings:
admin
hostmaster
messagelab
symantec
localdomain
localhost
mcafee
postmaster
webmaster
spam
report
noreply
recipients
abuse
microsoft
root
W32/Eyeveg-G will copy itself to the Windows system folder with a random name. W32/Eyeveg-G will then create the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<random>
<random>.exe
W32/Eyeveg-G also drops a DLL with a random filename to the Windows system folder.
|
