Detect Date | 04/09/2009 |
Class | Net-Worm |
Platform | Win32 |
Description |
When launched, the worm injects its code in the address space of one of the active “svchost.exe” system processes. This code delivers the worm’s main malicious payload and:
The worm may also download files from links of the type shown below: http://<URL>/search?q=<%rnd2%> rnd2 is a random number; URL is a link generated by a special algorithm which uses the current date. The worm gets the current date from one of the sites shown below: http://www.w3.org http://www.ask.com http://www.msn.com http://www.yahoo.com http://www.google.com http://www.baidu.com Downloaded files are saved to the Windows system directory under their original names. |
Find out the statistics of the threats spreading in your region |