Class | Worm |
Platform | Win32 |
Description |
Technical DetailsThis is a multi-component network worm. The worm spreads over shared network resources. The worm has bugs and has a little chance to spread over networks. The worm’s components are: cnn3.exe - the main component (Win32 EXE file about 350K of size) abc.bat - BAT file (about 1344 bytes) main.exe - trojan component (Win32 EXE file, 53280 bytes) psexec.exe - remote execution utility (not a virus/trojan, Win32 EXE file, 122880 bytes) slacke-worm.exe - searches for network addresses (Win32 EXE files, 25K/28K depending on worm version) The main worm component is “trojan dropping” utility and is detected as On run it creates the “C:sp” subdirectory, drops and executes following files in there: C:spabc.bat C:spmain.exe C:sppsexec.exe C:spslacke-worm.exe The “main.exe” component is the backdoor trojan, and it is detected as “Backdoor.SdBot”. The “slacke-worm.exe” component looks for network resources and tries to copy and activate worm copy in there with a help of two other components: abc.bat - tries to connect to a remote resource by trying a set of logins and passwords psexec.exe - is used to run remote worm copy on remote computer. |
Find out the statistics of the threats spreading in your region |