Name: Worm/VB.AT.1
Discovered on: 03/08/2005
Type: Worm
In the wild: Yes
Reported infections: Low
Distribution potential: Medium
Damage potential: Low
Static file: Yes
Size: 12.288 Bytes
MD5: 85add335b75d9a6c44019f5ffdbf2b9a
VDF version: 6.31.01.54
General

Method of propagation:
• Mapped network drives

Aliases:
• Symantec: W32.Cabreck
• Mcafee: W32/CableNet.worm
• Kaspersky: Worm.Win32.VB.at
• TrendMicro: WORM_CABRECK.A
• Sophos: W32/Cablenet-A
• Grisoft: Worm/VB.DR
• VirusBuster: Worm.Cablenet.A
• Eset: Win32/VB.NCN
• Bitdefender: Win32.Cablenet.A

Operating systems:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Registry modifications

Files

A section is added to a file.
– To: %WINDIR%\win.ini
With the following content:
• [CopyRight]
  Author= Gabe
  Name= Cable
  Origin= India
  Type= Netwreck Worm
  Credicts= [Cable] By Gabe (Gabe Roq's Inc.)
  Warning= Amazing things will happen, you just wait...
  Note= Your Death is comming...Anticipation afterall is everything!
  SignNote= Because Death is only the beginning...
  Quote= For those who believe no explanation is necessary, for those who don't nothing will suffice.

The following file is created:
– %WINDIR%\Cable.ini
This is a harmless text file with the following content:
• [CopyRight]
  Author= Gabe
  Name= Cable
  Origin= India
  Type= Netwreck Worm
  Credicts= [Cable] By Gabe (Gabe Roq's Inc.)
  Warning= Amazing things will happen, you just wait...
  Note= Your Death is comming...Anticipation afterall is everything!
  SignNote= Because Death is only the beginning...
  Quote= For those who believe no explanation is necessary, for those who don't nothing will suffice.

Registry

The following key is added to the registry in order to run the process when the system restarts:
– HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
• "run"="Cable.exe"

P2P

In order to infect other systems in Peer-to-Peer networks, it performs the following operations:
– It searches for the following directories:
• %root of the Windows partition%
• c:\windows

It searches for all directories shared on the network.
If successful, the following files are created:
• Cable.exe; FileCryptor.exe; Microsoft SP4.exe; Acrobat Reader.exe; Setup.exe; NAI Mcafee.exe; Norton AV.exe; PGP Free.exe; Password recovery.exe; KazzaP2P.exe; Download accelerator.exe; Linux Source.exe; Winzip.exe; Lotus app.exe; Netscape.exe; Money Manger.exe; Paypal.exe; FixMydoom.exe; BillSux.exe; MorpheusP2P.exe; E_donkey.exe; Calvin and Hobbes.exe
These files are copies of the malware.

The shared directory may look like this:

File details

Programming language:
The programming language used: Visual Basic.

File compression:
To make detection more difficult and to reduce the file size, the following packer is used:
• UPX
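A triage check built from the indicators listed above, as an added example that is not part of the original description. It takes the contents of win.ini, the "run" value under the registry key named above, and a listing of a shared directory as plain data. Treating a size match of 12288 bytes as a stronger signal than a file name alone is an assumption made here (the description says the dropped files are copies of the malware); `ini_section`, `triage` and the sample inputs are constructed for illustration.

```python
# Inputs are plain data so the logic can be exercised offline.
DROPPED_NAMES = {n.lower() for n in (
    "Cable.exe", "FileCryptor.exe", "Microsoft SP4.exe", "Acrobat Reader.exe",
    "Setup.exe", "NAI Mcafee.exe", "Norton AV.exe", "PGP Free.exe",
    "Password recovery.exe", "KazzaP2P.exe", "Download accelerator.exe",
    "Linux Source.exe", "Winzip.exe", "Lotus app.exe", "Netscape.exe",
    "Money Manger.exe", "Paypal.exe", "FixMydoom.exe", "BillSux.exe",
    "MorpheusP2P.exe", "E_donkey.exe", "Calvin and Hobbes.exe")}
SAMPLE_SIZE = 12288  # bytes; assumption: every dropped copy keeps this size

def ini_section(text, wanted):
    """Return {key: value} for one section of INI text (case-insensitive)."""
    values, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current == wanted.lower() and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values

def triage(win_ini_text, run_value, share_listing):
    """Return (severity, finding) tuples; share_listing is [(name, size)]."""
    findings = []
    sec = ini_section(win_ini_text, "CopyRight")
    if sec.get("name") == "Cable" and "netwreck" in sec.get("type", "").lower():
        findings.append(("high", "win.ini contains the worm's [CopyRight] section"))
    # "run" value of HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    if run_value and "cable.exe" in run_value.lower():
        findings.append(("high", 'registry "run" value starts Cable.exe'))
    for name, size in share_listing:
        if name.lower() in DROPPED_NAMES:
            # Names such as Setup.exe are common; the size match raises confidence.
            sev = "high" if size == SAMPLE_SIZE else "low"
            findings.append((sev, f"{name} ({size} bytes) in shared directory"))
    return findings

# Constructed sample inputs (not captured from a real host).
SAMPLE_WIN_INI = "[fonts]\n[CopyRight]\nAuthor= Gabe\nName= Cable\nType= Netwreck Worm\n"
SAMPLE_SHARE = [("Setup.exe", 48128), ("Paypal.exe", 12288), ("notes.txt", 12288)]

if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_WIN_INI, "Cable.exe", SAMPLE_SHARE):
        print(sev, msg)
```

A "low" finding is a name-only match and needs a hash comparison against the MD5 given above before it is treated as an infection.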
Description inserted by Irina Boldea on Tuesday, May 16, 2006
Description updated by Irina Boldea on Tuesday, May 16, 2006