Detect Date | 11/07/2005 |
Class | Email-Worm |
Platform | Win32 |
Description |
The worm contains a list of URLs, which will be checked for the presence of files: http://5050clothing.com*** http://axelero.hu*** http://calamarco.com*** http://ceramax.co.kr*** http://charlesspaans.com*** http://chatsk.wz.cz*** http://checkalertusa.com*** http://cibernegocios.com.ar*** http://cof666.shockonline.net*** http://comaxtechnologies.net*** http://concellodesandias.com*** http://dev.jintek.com*** http://dogoodesign.ch*** http://donchef.com*** http://erich-kaestner-schule-donaueschingen.de*** http://foxvcoin.com*** http://grupdogus.de*** http://hotchillishop.de*** http://ilikesimple.com*** http://innovation.ojom.net*** http://kisalfold.com*** http://knickimbit.de*** http://kremz.ru*** http://massgroup.de*** http://poliklinika-vajnorska.sk*** http://prime.gushi.org*** http://svatba.viskot.cz*** http://systemforex.de*** http://uwua132.org*** http://vanvakfi.com*** http://vega-sps.com*** http://vidus.ru*** http://viralstrategies.com*** http://Vivamodelhobby.com*** http://vkinfotech.com*** http://vproinc.com*** http://v-v-kopretiny.ic.cz*** http://vytukas.com*** http://waisenhaus-kenya.ch*** http://watsrisuphan.org*** http://wbecanada.com*** http://web-comp.hu*** http://webfull.com*** http://welvo.com*** http://wvpilots.org*** http://www.ag.ohio-state.edu*** http://www.ag.ohio-state.edu*** http://www.chapisteriadaniel.com*** http://www.chittychat.com*** http://www.cort.ru*** http://www.crfj.com*** http://www.kersten.de*** http://www.kljbwadersloh.de*** http://www.voov.de*** http://www.walsch.de*** http://www.wchat.cz*** http://www.wg-aufbau-bautzen.de*** http://www.wzhuate.com*** http://xotravel.ru*** http://yeniguntugla.com*** http://zebrachina.net*** http://zsnabreznaknm.sk*** If a file is found at any of these addresses, it will be downloaded to the victim machine: %System%re_file.exe The file will then be launched for execution. For example Email-Worm.Win32.Bagle.at:
wingo.exe wingo.exeopen wingo.exeopenopen [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] "wingo"="%system%wingo.exe" |
Find out the statistics of the threats spreading in your region |