Class | Trojan |
Platform | Win32 |
Description |
Technical DetailsThis is a worm written in Visual Basic Script language (VBS). It spreads through a network by coping itself to other computers in the network. Upon being activated, the worm generates a random network IP address (for example 145.65.28.0), and tries to connect to all computers in this network. It changes the last octet of an address from 1 to 255 and tries to connect. If the connection is accepted, the worm copies itself to a connected computer on
If all computers in this network are inaccessible, the worm generates a new network IP address. The worm creates a file “C:NETWORK.LOG”. In this file, the worm writes all of its activities. The file content appears as follows:
The spreading ability of this worm is very low, because search of a victim computer takes a lot of time and most computers reject a requested connection. |
Find out the statistics of the threats spreading in your region |