This is a multi-component network worm. The worm spreads over shared network resources. The worm has bugs and has a little chance to spread over networks.
The worm’s components are:
cnn3.exe - the main component (Win32 EXE file about 350K of size) abc.bat - BAT file (about 1344 bytes) main.exe - trojan component (Win32 EXE file, 53280 bytes) psexec.exe - remote execution utility (not a virus/trojan, Win32 EXE file, 122880 bytes) slacke-worm.exe - searches for network addresses (Win32 EXE files, 25K/28K depending on worm version)
The main worm component is “trojan dropping” utility and is detected as
On run it creates the “C:sp” subdirectory, drops and executes following files in there:
C:spabc.bat C:spmain.exe C:sppsexec.exe C:spslacke-worm.exe
The “main.exe” component is the backdoor trojan, and it is detected as “Backdoor.SdBot”.
The “slacke-worm.exe” component looks for network resources and tries to copy and activate worm copy in there with a help of two other components:
abc.bat - tries to connect to a remote resource by trying a set of logins and passwords psexec.exe - is used to run remote worm copy on remote computer.