Class | Worm |
Platform | Win32 |
Description |
Technical DetailsSluter is a worm virus that spreads over Win32 networks through shared resources. The worm is a Windows PE EXE file about 18KB in length (when compressed by UPX, the decompressed size is about 45KB). It is written in Microsoft Visual C++. When the infected file is run the worm registers itself in the system registry auto-run key: HKLMSoftwareMicrosoftWindowsCurrentVersionRun superslut = { worm file name } Next, Sluter runs its spreading routines. The spreading routine runs up to 60 “threads” which scan port 445 at random IP addresses. When successfully connecting to a victim machine it tries to locate open resources on the remote computer and connects to them using several passwords such as: "","admin", "root", "123", e.t.c. If a successful connection is made the worm copies itself to the victim machine under the following names: c$winntsystem32msslut32.exe Admin$system32msslut32.exe The worm doesn’t have any payload and does not manifest itself in any other way. |
Find out the statistics of the threats spreading in your region |