Virus:Worm/Licat.I.5
Date discovered:10/12/2006
Type:Worm
In the wild:No
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:77.824 Bytes
MD5 checksum:bd1e990d184af45c5cf1241245407bb2
VDF version:6.36.01.145
IVDF version:6.36.01.153 - Sunday, December 10, 2006

General
Method of propagation:
   • Messenger


Aliases:
   •  Kaspersky: IM-Worm.Win32.Licat.i
   •  F-Secure: IM-Worm.Win32.Licat.i
   •  Sophos: W32/Blowhen-B
   •  Grisoft: Worm/Licat.A
   •  Bitdefender: Worm.IM.Licat.I


Platforms / OS:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Messenger
It spreads via Messenger. The characteristics are described below:

– Windows Live Messenger


To:
All online contacts in the contact list.


Message

   • check :P %link%


The %link% wildcard stands for the following:
   • http://75.126.60.124/dailymod/photo.php?.com/**********

At the time of analysis the file was no longer online.


The received message may look like the following:


File details
Programming language:
The malware program was written in MS Visual C++.


Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with a runtime packer.

Description inserted by Adriana Popa on Thursday, January 11, 2007
Description updated by Adriana Popa on Thursday, January 11, 2007
