Worm/Pakes.02 - Worm
Name:
Worm/Pakes.02
Discovered:
21/07/2005
Type:
Worm
In the wild (ITW):
No
Number of reported infections:
Low
Spreading potential:
Medium to high
Damage potential:
High
Static file:
Yes
Size:
94,208 bytes
MD5 checksum:
D8660E27C7342CDFFBEE98EA0D815DDC
VDF version:
6.30.0.183
General
Method of propagation:
• Local network
Aliases:
• Symantec: W32.Spybot.Worm
• Mcafee: W32/Sdbot.worm.gen.i
• Kaspersky: Trojan.Win32.Pakes
• TrendMicro: WORM_SDBOT.BVA
• Sophos: W32/Rbot-AHZ
Platforms / Operating systems:
• Windows 2000
• Windows XP
Side effects:
• Registry modifications
• Steals information
• Enables unauthorized access to the computer
Files
It copies itself to the following location:
• %WINDIR%\sytem32\testtts.exe
It deletes the initial copy of the virus.
Registry
The following registry keys are added in order to run the process after system start:
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• "TTS Sync"="testtts.exe"
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
• "TTS Sync"="testtts.exe"
The following registry keys are modified:
– [HKLM\SOFTWARE\Microsoft\Ole]
Old value:
• "EnableDCOM"="Y"
New value:
• "EnableDCOM"="N"
– [HKLM\SYSTEM\CurrentControlSet\Control\Lsa]
Old value:
• "restrictanonymous"=dword:00000000
New value:
• "restrictanonymous"=dword:00000001
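The file and registry indicators above are the ones a responder would check first on a suspect Windows 2000/XP host. The following script is an added example written for this page; it is not Avira's code and not part of the original description. It parses a regedit export (the `HKLM` abbreviation on the page is written out as `HKEY_LOCAL_MACHINE`, as regedit exports do), looks for the "TTS Sync" autorun value, reports the DCOM and RestrictAnonymous changes as corroborating evidence (both can also be set by administrators on purpose), matches the drop path exactly as the page spells it (`sytem32`), and compares a file's MD5 against the published sample hash. The registry export and directory listing are constructed sample data, not taken from a real host.

```python
import hashlib
import re

# Indicators as listed in the Avira description of Worm/Pakes.02.
KNOWN_MD5 = "d8660e27c7342cdffbee98ea0d815ddc"
DROPPED_FILE_SUFFIX = r"\sytem32\testtts.exe"   # relative to %WINDIR%, spelling as on the page
AUTORUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
)
AUTORUN_VALUE = ("TTS Sync", "testtts.exe")
# Settings the worm flips after infection. They can also be set legitimately,
# so they are reported as corroborating evidence rather than proof on their own.
MODIFIED_VALUES = {
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole", "EnableDCOM"): "N",
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa", "restrictanonymous"): "dword:00000001",
}

# Constructed sample of a regedit export (not from a real host).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TTS Sync"="testtts.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
"""

# Constructed directory listing of %WINDIR% (not from a real host).
SAMPLE_WINDIR_LISTING = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\sytem32\testtts.exe",
]

_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg_export(text):
    """Parse regedit export text into {key_path: {value_name: data}}.

    Key paths and value names are lower-cased because the registry is
    case-insensitive. Quoted string data loses its surrounding quotes;
    other data (dword:..., hex:...) is kept verbatim for literal comparison.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        match = _VALUE_RE.match(line)
        if match and current is not None:
            name, data = match.groups()
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1]
            keys[current][name.lower()] = data
    return keys


def registry_findings(keys):
    """Return human-readable findings for the worm's registry indicators."""
    findings = []
    name, data = AUTORUN_VALUE
    for key in AUTORUN_KEYS:
        if keys.get(key.lower(), {}).get(name.lower(), "").lower() == data:
            findings.append(f"autorun value {name!r}={data!r} in {key}")
    for (key, value_name), expected in MODIFIED_VALUES.items():
        if keys.get(key.lower(), {}).get(value_name.lower()) == expected:
            findings.append(f"{value_name}={expected} in {key} (consistent with infection)")
    return findings


def dropped_file_findings(paths):
    """Return listed paths that match the worm's drop location (case-insensitive)."""
    suffix = DROPPED_FILE_SUFFIX.lower()
    return [p for p in paths if p.lower().endswith(suffix)]


def matches_known_sample(data):
    """True if the file contents hash to the MD5 published for this sample."""
    return hashlib.md5(data).hexdigest() == KNOWN_MD5


def scan(reg_export_text, windir_listing):
    """Combine the checks; returns a list of findings (empty means nothing matched)."""
    findings = registry_findings(parse_reg_export(reg_export_text))
    findings += [f"dropped file present: {p}" for p in dropped_file_findings(windir_listing)]
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_REG_EXPORT, SAMPLE_WINDIR_LISTING):
        print("[!]", finding)
```

On a real host you would feed `scan()` the output of `regedit /e` and a recursive listing of `%WINDIR%`, then confirm any hit on the dropped file with `matches_known_sample()` on its bytes; remediation is removing the two autorun values and the file, and restoring `EnableDCOM` and `restrictanonymous` to the values your own policy requires.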
Network infection
It uses the following login information to gain access to the remote system:
– The following list of usernames:
• "Zytowski"; "Zwiers"; "Zurn"; "Zucconi"; "Zoldak"; "Zerbini";
"Zegans"; "Zangwill"; "Zahedi"; "Zachary"; "Youk-See"; "Yoo"; "Yoffe";
"Yetiv"; "Yesson"; "Yedidia"; "Ybarra"; "Yates"; "Yarchuk"; "Yankee";
"Yamane"; "Yacono"; "Votey"; "Vorhaus"; "Woods-Powell"; "Woods";
"Wooden"; "Woo"; "VonHoffman"; "Wolk"; "Voigt"; "Viviani"; "Vitali";
"Wilson"; "Willstatter"; "Villarreal"; "Wilkinson"; "Wilkin"; "Wilk";
"Wilhelm"; "Wilder"; "Vignola"; "Viens"; "Wiener"; "Wiedersheim";
"Viano"; "Viana"; "Whittaker"; "Whitla"; "White"; "Whilton";
"Whately"; "Wetzel"; "Wescott"; "Verghese"; "Venne"; "Wengret";
"Welsh"; "Welles"; "Velasquez"; "Weissman"; "Weissbourd"; "Weinhaus";
"Weingarten"; "Weighart"; "Waugh"; "Vasquez"; "Wasowska";
"Warshafsky"; "Vanheeckeren"; "Vandenberg"; "VanZwet"; "vanAllen";
"Walter"; "Wallenberg"; "Wales"; "Valencia"; "Valberg"; "Waite";
"Vacca"; "Uzuner"; "Usdan"; "Urdang-Brown"; "Urban"; "Upsdell";
"Untermeyer"; "Ullman"; "Tzamarias"; "Twells"; "Tuttle"; "Turek";
"Turano"; "Tukan"; "Tudge"; "Tuck"; "Tsukurov"; "Tsomides"; "Tsiatis";
"Truss"; "Troy"; "Troiani"; "Tringali"; "Trewin"; "Trenga";
"Traebert"; "Toye"; "Towler"; "Torske"; "Torresi"; "Topulos";
"Toomer"; "Tomford"; "Tolman"; "Tolls"; "Tollestrup"; "Tofallis";
"Timmons"; "Till"; "Tierney"; "Throop"; "Thomsen"; "Thisted";
"Thibault"; "Theodos"; "Thavaneswaran"; "Than"; "Terracini"; "Tenney";
"Temmer"; "Temes"; "Teague"; "Tcherepnin"; "Tawn"; "Taveras"; "Tatar";
"Tanowitz"; "Tandler"; "Tambiah"; "Talaugon"; "Tai"; "Tagiuri";
"Swindle"; "Sweetser"; "Sweeting"; "Surdam"; "Suo"; "Sumner";
"Sullivan"; "Stringer"; "Streiff"; "Strauch"; "Strange"; "Stott";
"Storer"; "Stonich"; "Stolzenberg"; "Stockwell"; "Stockton"; "Stock";
"Stillwell"; "Stiepock"; "Stewart-Oaten"; "Stepniewska"; "Stephanian";
"Steiner"; "Stefani"; "Statlender"; "States"; "Stassinopolus";
"Stang"; "Stam"; "Stalvey"; "StMartin"; "Spinrad"; "Spiliotis";
"Spiegelhalter"; "Spicer"; "Sperber"; "Spence"; "Speizer";
"Spaulding"; "Sparrow"; "Spanier"; "Soultanian"; "Soule"; "Soukup";
"Sottak"; "Sorg"; "Sorabella"; "Sommariva"; "Somers"; "Solon";
"Socolow"; "Snodgrass"; "Sniffen"; "Smilow"; "Slowe"; "Sloan";
"Skoda"; "Skerry"; "Skane"; "Sites"; "Sirilli"; "Sinsabaugh";
"Silvetti"; "Silverman"; "Signa"; "Sigini"; "Sigalot"; "Siesto";
"Shimon"; "Shibata"; "Shia"; "Shesko"; "Shepstone"; "Sheppard";
"Shepherd"; "Sheats"; "Shea"; "Shavelson"; "Shatrov"; "Shar";
"Shanley"; "Shankland"; "Shakis"; "Shaikh"; "Seyfert"; "Sexton";
"Seterdahl"; "Sennett"; "Sen"; "Selvage"; "Sekler"; "Segal"; "Seeber";
"Seaton"; "Scudder"; "Scovel"; "Schwickrath"; "Schwan"; "Schuyler";
"Schutte"; "Schuman"; "Schossberger"; "Schmitt"; "Schilling";
"Schifini"; "Schiano"; "Scheiner"; "Scharlemann"; "Scharf"; "Scepan";
"Scarponi"; "Sayied"; "Sawtell"; "Satterthwaite"; "Satta"; "Satin";
"Sase"; "Sartore"; "Sarin"; "Sapers"; "Sanna"; "Sanchez-Ramirez";
"Samson"; "Sali"; "Sahu"; "Safire"; "Sadler"; "Sabatello"; "Ryu";
"Rush"; "Ruescher"; "Ruderman"; "Ruan"; "Royal"; "Row"; "Ronen";
"Rogers"; "Roesler"; "Rocha"; "Robinson"; "Rivera"; "Rish"; "Rineer";
"Rindos"; "Rielly"; "Richmond"; "Rhea"; "Resnik"; "Repetto"; "Renick";
"Remak"; "Reinold"; "Cunningham"; "Reedquist"; "Redden-Tyler";
"Rayport"; "Rapple"; "Rankin"; "Rangan"; "Raney"; "Rajagopalan";
"Radeke"; "Rabkin"; "Rabe"; "Quetin"; "Quaday"; "Pynchon"; "Pugh";
"Puccia"; "Prothrow-Stith"; "Proietti"; "Pritz"; "Pritchard";
"Prevost"; "Preucel"; "Presper"; "Powers"; "Poolman"; "Poma";
"Politis"; "Polanyi"; "Polak"; "Poirier"; "Pointer"; "Poincaire";
"Pocobene"; "Plous"; "Plasket"; "Plant"; "Plancon"; "Pinot";
"Pilbeam"; "Pfister"; "Pettit"; "Pettibone"; "Petruzello"; "Peters";
"Perrimon"; "Perone"; "Perna"; "Perlman"; "Perlak"; "Perko";
"Pereira"; "Penny"; "Peishel"; "Pederson"; "Pearlberg"; "Peabody";
"Paynter"; "Pawloski"; "Pavlon"; "Pavetti"; "Pattullo"; "Patrick";
"Patefield"; "Pascucci"; "Partridge"; "Parris"; "Parmeggiani";
"Paoletti"; "Pantilla"; "Panizzon"; "Panadero"; "Palmitesta";
"Pallara"; "Palepu"; "Palayoor"; "Paine"; "PaesDealmeida"; "Ovid";
"Ouchida"; "Otten"; "Ottaviani"; "Ostrowski"; "Ospina"; "Orsi";
"Orfield"; "Oray"; "Opel"; "O'meara"; "Oman"; "O'malley"; "Olszewski";
"Olson"; "Olsen"; "Oldford"; "O'hagan"; "Ogata"; "Ocougne"; "Nuzum";
"Notman"; "Nitabach"; "Nisenson"; "Nickoloff"; "Nickerson"; "Newlin";
"Newfeld"; "Neuman"; "Nesci"; "Nenna"; "Nelson"; "Nayduch"; "Naviaux";
"Nardone"; "Nardi"; "Napolitano"; "Naddeo"; "Mussachio"; "Mumford";
"Mulroy"; "Mulkern"; "Mugnai"; "Muello"; "Mudarri"; "Motooka";
"Mostafavi"; "Mosler"; "Mosher"; "Mortimer"; "Morrow"; "Morrison";
"Moreton"; "Morani"; "MooreDeCh."; "Montilio"; "Monque"; "Moiamedi";
"Mohr"; "Moeller"; "Modestino"; "Mocroft"; "Mittal"; "Mitropoulos";
"Gonzalez"; "Minichiello"; "Mini"; "Minh"; "Mills"; "Mieher";
"Middle"; "Michelman"; "Meurer"; "Metropolis"; "Metelka"; "Merz";
"Merseth"; "Merminod"; "Merlani"; "Merikoski"; "Menzies"; "Memisoglu";
"Meccariello"; "Mcnulty"; "Mcnealy"; "Mclaren"; "Mclane"; "Mckenna";
"Mcintosh"; "McIlroy"; "Mcgoldrick"; "Mcghee"; "McFadden"; "Mcelroy";
"Mcdowell"; "Mcclearn"; "Mccall"; "Mccaffery"; "Mcbride"; "Mazziotta";
"Mazzali"; "May"; "Mauzy"; "Mattson"; "Matsukata"; "Matarazzo";
"Matalka"; "Mass"; "Marubini"; "Marton"; "Martochio"; "Martinez";
"Marques"; "Margetts"; "Margalit"; "Marcus"; "Marchbanks"; "March";
"Mantovan"; "Manganiello"; "Mandel"; "Manalis"; "Malova"; "Maller";
"Malatesta"; "Maisano"; "Maine-Hershey"; "Maier"; "Mahony"; "Maggio";
"Madigan"; "Macy"; "MacMillan"; "Mackenney"; "Macintyre";
"Maceachern"; "Macdonald"; "Maccormac"; "Luzader"; "Lutcavage";
"Lussier"; "Luoma"; "Lunetta"; "Luecke"; "Luczkow"; "Luciano";
"Lucas"; "Lubin"; "Loza"; "Lowenstein"; "Loveman"; "Loss";
"Longworth"; "Locatelli"; "Lizardo"; "Livolsi"; "Livi"; "Livernash";
"Litvak"; "Little"; "Lipponen"; "Lippmann"; "Linzee"; "Linehan";
"Line"; "Linder"; "Linda"; "Linares"; "Lim"; "Lightfoot"; "Light";
"Liem"; "Lidano"; "Liakos"; "Lessi"; "Lesser"; "l'Enclos"; "Lenard";
"Leite"; "Leclercq"; "Lecce"; "Lecar"; "Lawless"; "Lashley";
"Laserna"; "Lanzit"; "Lantieri"; "Lankes"; "Landes"; "Lallemant";
"Laing"; "Lafler"; "Labunka"; "Kuwabara"; "Kusman"; "Kumar";
"Kuenzli"; "Krysiak"; "Kroemer"; "Kraus"; "Krasney"; "Krailo";
"Kraemer"; "Kovaks"; "Kotter"; "Korzybski"; "Kool"; "Konrad";
"Koniaris"; "Kommer"; "Koivumaki"; "Kohn"; "Koch"; "Kobrick"; "Knuff";
"Klint"; "Klinkenborg"; "Kling"; "Klemperer"; "Kleinfelder";
"Kleiman"; "Kleckner"; "Kittridge"; "Kirscht"; "Kippenberger";
"Kinsley"; "Kindall"; "Kimura"; "Kimmett"; "Kimmel"; "Khong"; "Keul";
"Kerry"; "Kendall"; "Kemsley"; "Kempton"; "Kelsey"; "Kelker"; "Keith";
"Keepper"; "Keenan"; "Kee"; "Kawachi"; "Kasten"; "Kassower";
"Karpouzes"; "Kangis"; "Kamel"; "Kalman"; "Kalinowski"; "Kalil";
"Kaligian"; "Kalbfleisch"; "Kafadar"; "Kaboolian"; "Kabbash";
"Julious"; "Juliano"; "Jucks"; "Jorgensen"; "Jolly"; "Johns";
"Johannsen"; "Johannesson"; "Jewett"; "Jespersen"; "Jenkins";
"Jellis"; "Jeffers"; "Jay"; "Jarrell"; "Jarnagin"; "Janjigian";
"Jamil"; "Jain"; "Jagoe"; "Jagger"; "Jagers"; "Jackson"; "Jacenko";
"Iyer"; "Isserman"; "Isbill"; "Isaievych"; "Isaac"; "Inniss";
"Inamura"; "Igarashi"; "Ichikawa"; "Iaquinta"; "Hyde"; "Hutchings";
"Hurtubise"; "Hupp"; "Huntington"; "Hungerford"; "Huidekoper"; "Huey";
"Hoy"; "Howard"; "Hottle"; "Hostage"; "Hoshida"; "Horsley"; "Hopkins";
"Hooker"; "Holzman"; "Holway"; "Holter"; "Holoien"; "Holmes";
"Hokoda"; "Hokanson"; "Hoffman"; "Hoffer"; "Hock"; "Hoang";
"Hitchcock"; "Hirst"; "Hind"; "Himmelfarb"; "Heyeck"; "Heubert";
"Hester"; "Herrera"; "Hernandez"; "Henrichs"; "Henery"; "Hemphill";
"Helprin"; "Hellmiss"; "Hellman"; "Heiland"; "Heft"; "Heermans";
"Hazlewood"; "Haynes"; "Hayes"; "Hawkes"; "Haviaras"; "Harwell";
"Hartnett"; "Hartmann"; "Hartman"; "Harrigan"; "Harlow"; "Hargraves";
"Harding"; "Hanssen"; "Hand"; "Hammerness"; "Hamer"; "Hambarzumjan";
"Halpert"; "Hallowell"; "Halkias"; "Haley"; "Hackshaw"; "Hackman";
"Haar"; "Guo"; "Gunn"; "Guenthart"; "Gruppe"; "Gruner"; "Grummell";
"Grigoletto"; "Griffiths"; "Greenfeld"; "Greenberg"; "Gravell";
"Gozzi"; "Goody"; "Goodearl"; "Good"; "Goncalves"; "Goldfarb";
"Glendon"; "Glegg"; "Gleason"; "Gist"; "Gillispie"; "Gill"; "Gili";
"Gilbert"; "Gibson"; "Gibbens"; "Ghorai"; "Gerrett"; "Georgi";
"Gemberling"; "Geller"; "Garonna"; "Garman"; "Garfield"; "Gambini";
"Galwey"; "Galeotti"; "Gaggiotti"; "Gabrielli"; "Fusaro"; "Furth";
"Fuller"; "Fujii-Abe"; "Frye"; "Fryberger"; "Frowiss"; "Frisken";
"Friedland"; "Fried"; "Freundlich"; "Freid"; "Frazier-Davis"; "Franz";
"Franklin-Kenea"; "Francisco"; "Fossi"; "Fossey"; "Fortier"; "Fortes";
"Forester"; "Folks"; "Flores"; "Flier"; "Fitzmaurice"; "Fisk";
"Fiorina"; "Finnegan"; "Finkelstein"; "Fink"; "Field"; "Fido";
"Feuer"; "Ferriell"; "Ferrante"; "Fernandes"; "Fernald"; "Feldman";
"Fejzo"; "Feigenbaum"; "Fates"; "Fasso'"; "Farren"; "Farone"; "Faris";
"Falorsi"; "Falco-Acosta"; "Faioes"; "Fagan"; "Fabbris"; "Everett";
"Euripides"; "Etter"; "Estes"; "Espinoza"; "Erez"; "Erdos"; "Erdman";
"Erbach"; "Eppling"; "Enyeart"; "Encinas"; "Elvis"; "Elmerick";
"Elmendorf"; "Eliasson"; "Eickenhorst"; "Edward"; "Edner"; "Edley";
"Eckel"; "Ebeling"; "Eardley"; "Dwyer"; "Dussault"; "Durrett";
"Duffin"; "D'souza"; "Drinker"; "Dowsland"; "Doug"; "Doty"; "Dosi";
"Dorf"; "Dore"; "Doonan"; "Donner"; "Donahue"; "Doherty"; "Dockery";
"Dirksen"; "Dionysius"; "Dilworth"; "Difronzo"; "Difabio";
"Diefenbach"; "Dicks"; "D'fini"; "Deutsch"; "Desombre"; "Denison";
"Denham"; "Denault"; "Demusz"; "Dempster"; "Deming"; "Dell'acqua";
"Delger"; "Deleon-Rendon"; "Delattre"; "Defeciani"; "Dees"; "Debroff";
"deRousse"; "del'Enclos"; "DeLaPena"; "DeGennaro"; "Dawkins"; "David";
"Daskalu"; "Dasgupta"; "Das"; "D'arcangelo"; "Dapice"; "Dante";
"Danieli"; "D'Ambra"; "Daly"; "Daldalian"; "daSilva"; "Cyders";
"Cvek"; "Cutler"; "Currier"; "Cui"; "Croxton"; "Croxen"; "Croshaw";
"Crocker"; "Crawford"; "Coutaux"; "Counter"; "Cosmides"; "Cornish";
"Corey"; "Connors"; "Condodina"; "Concino"; "Comstock"; "Compton";
"Collis"; "Collard"; "Colella"; "Coldren"; "Coito"; "Coblenz"; "Clow";
"Clifton"; "Clement"; "Clark"; "Clancy"; "Claffey"; "Cifarelli";
"Cicero"; "Ciampaglia"; "Church"; "Chupasko"; "Chu"; "Christopher";
"Christie"; "Christiano"; "Christian"; "Christenson"; "Chinman";
"Chinipardaz"; "Childs"; "Childress"; "Chien"; "Chiassino";
"Chervinsky"; "Cherry"; "Cheang"; "Charles"; "Chapman"; "Cerioli";
"Ceniceros"; "Cavell"; "Cavanagh"; "Castelda"; "Caspar"; "Case";
"Cascio"; "Cartmill"; "Carper"; "Caroti"; "Carmichael"; "Carlyle";
"Carlos"; "Carlin"; "Carayannopoulos"; "Caratozzolo"; "Capursi";
"Cappuccio"; "Capodilupo"; "Capocaccia"; "Caperton"; "Capanni";
"Canley"; "Cammilleri"; "Cammelli"; "Calnan"; "Cage"; "Byrd";
"Byerly"; "Byatt"; "Busetta"; "Burridge"; "Burke"; "Burdzy"; "Burden";
"Bunton"; "Bullard"; "Budding"; "Buchan"; "Brzycki"; "Brook"; "Broca";
"Britz"; "Brinton"; "Bridges"; "Bridgeman"; "Brewer"; "Brennan";
"Brenan"; "Breed"; "Brecht"; "Bradach"; "Bradac"; "Bracalente";
"Boyne"; "Boym"; "Boyland"; "Boyes"; "Boyajian"; "Boxer"; "Bowers";
"Bourneuf"; "Boudrot"; "Boudin"; "Botosh"; "Bothman"; "Bossi";
"Borden"; "Borack"; "Boorstin"; "Boone"; "Bookbinder"; "Book";
"Bontempo"; "Boniface"; "Bonham"; "Boner"; "Bologna"; "Bollinger";
"Bolick"; "Bolger"; "Blyth"; "Bloxham"; "Bloemhof"; "Bloembergen";
"Bloch"; "Blizard"; "Bliss"; "Blanke"; "Blakemore"; "Blagg";
"Blackwell"; "Blackbourn"; "Bisho"; "Bisema"; "Bir"; "Binion";
"Bickel"; "Biagioli"; "Beynart"; "Betti"; "Berrizbeitia"; "Bernston";
"Bernassola"; "Bernardo"; "Berke-Jenkins"; "Bergson"; "Benedict-Dye";
"Belloc"; "Bellini"; "Bellhouse"; "Bellavance"; "Belin-Collart";
"Belfer"; "Belaoussof"; "Belanger"; "Behenna"; "Bedford"; "Beder";
"Beckman"; "Bean"; "Beal"; "Beacon"; "Bayo"; "Bayles"; "Baumiller";
"Batchelder"; "Bashevis"; "Basavappa"; "Bartoo"; "Bartolome";
"Bartholomew"; "Barry"; "Barriola"; "Barnett"; "Barneson"; "Barbetti";
"Barberi"; "Baranowska"; "Baranczak"; "Barajas"; "Barabesi"; "Banta";
"Baltz"; "Ballew"; "Ballatori"; "Baleja"; "Bakanowsky"; "Bailar";
"Bagnold"; "Baglivo"; "Bady"; "Backus"; "Bachmuth"; "Azima"; "Ayling";
"Aykroyd"; "Ayiemba"; "Axworthy"; "Axelrod"; "Aurelius"; "Augustus";
"Atkins"; "Arky"; "Arjas"; "Aristotle"; "Arellano"; "Arduini";
"Arbia"; "Antos"; "Anthony"; "Ansley"; "Anfinrud"; "Andron";
"Andrelus"; "Ando"; "Andel"; "Anand"; "Amsden"; "Ameer"; "Amatangelo";
"Amaral"; "Altenhofen"; "Altenberger"; "Altavilla"; "Alongi";
"Allison"; "Aleks"; "Alda"; "Alcorn"; "Alavi"; "Ahlers"; "Adorno";
"Adibe"; "Adelstein"; "Addison"; "Adams"; "Ackerman"; "Abdulrazak"
– The following list of passwords:
• "intranet"; "lan"; "main"; "winpass"; "blank"; "office"; "control";
"nokia"; "siemens"; "compaq"; "dell"; "cisco"; "ibm"; "orainstall";
"sqlpassoainstall"; "sql"; "db1234"; "db1"; "databasepassword";
"data"; "databasepass"; "dbpassword"; "dbpass"; "access";
"domainpassword"; "domainpass"; "domain"; "hello"; "hell"; "god";
"sex"; "slut"; "bitch"; "fuck"; "exchange"; "backup"; "technical";
"loginpass"; "login"; "mary"; "katie"; "kate"; "george"; "eric";
"chris"; "ian"; "neil"; "lee"; "brian"; "susan"; "sue"; "sam"; "luke";
"peter"; "john"; "mike"; "bill"; "fred"; "joe"; "jen"; "bob"; "qwe";
"zxc"; "asd"; "qaz"; "win2000"; "winnt"; "winxp"; "win2k"; "win98";
"windows"; "oeminstall"; "oemuser"; "oem"; "user"; "homeuser"; "home";
"accounting"; "accounts"; "internet"; "www"; "web"; "outlook"; "mail";
"qwerty"; "null"; "server"; "system"; "changeme"; "linux"; "unix";
"demo"; "none"; "test"; "2004"; "2003"; "2002"; "2001"; "2000";
"1234567890"; "123456789"; "12345678"; "1234567"; "123456"; "12345";
"1234"; "123"; "007"; "pwd"; "pass"; "pass1234"; "passwd"; "password";
"password1"; "adm"; "db2"; "oracle"; "dba"; "database"; "default";
"guest"; "wwwadmin"; "teacher"; "student"; "owner"; "computer";
"root"; "staff"; "admin"; "admins"; "administrat"; "administrateur";
"administrador"; "administrator"
It exploits the following security vulnerabilities:
– MS03-026 (Buffer Overrun in RPC Interface)
– MS04-011 (LSASS Vulnerability)
IRC
To send information and provide remote control, it connects to the following IRC server:
Server: irc.mysupanet.biz
Port: 24556
Channel: #.n3wer.#
Nickname: [M][n3w3r
– This malware can collect and send information such as:
• Saved passwords
• Screenshots
• Processor speed
• Current user
• Free disk space
• Available memory
• Running time of the malware process
• Information about the network
• Information about system processes
• Memory size
• Username
• Windows folder
– Furthermore, it can perform the following actions:
• Connect to an IRC server
• Launch DDoS attacks by ICMP flooding
• Launch DDoS attacks by SYN flooding
• Launch DDoS attacks by TCP flooding
• Launch DDoS attacks by UDP flooding
• Disable DCOM
• Disable network shares
• Download a file
• Enable DCOM
• Enable network shares
• Execute a file
• Join an IRC channel
• Kill a process
• Leave an IRC channel
• Open a remote shell
• Perform a DDoS attack
• Redirect ports
• Send email messages
• Terminate the malware process
• Terminate a process
• Upload a file to the Internet
• Visit a website
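The IRC server, port, channel and nickname above are the network indicators for this sample. The following detector is an added example written for this page, not Avira's code: it scans log lines for the DNS lookup of the C2 host, connections to the C2 port, and IRC NICK/JOIN commands that match the published nickname and channel. The log lines and their key=value format are constructed for the example (no real product writes exactly this format), 203.0.113.7 is a documentation address standing in for the resolved C2 host, and the nickname is matched as a prefix on the assumption that the bot appends random characters to "[M][n3w3r" (the page shows the nick without a closing bracket).

```python
import re

# Command-and-control indicators from the Avira description of Worm/Pakes.02.
C2_HOST = "irc.mysupanet.biz"
C2_PORT = 24556
C2_CHANNEL = "#.n3wer.#"
# Matched as a prefix: assumption that the bot appends random characters.
C2_NICK_PREFIX = "[M][n3w3r"

# Constructed log lines in an assumed generic key=value format.
# 203.0.113.7 (documentation range) stands in for the resolved C2 address.
SAMPLE_LOG = """\
2005-08-03T10:53:01 type=dns src=10.0.0.12 query=irc.mysupanet.biz
2005-08-03T10:53:02 type=conn src=10.0.0.12:1045 dst=203.0.113.7:24556 proto=tcp action=allow
2005-08-03T10:53:03 type=conn src=10.0.0.12:1046 dst=198.51.100.9:80 proto=tcp action=allow
2005-08-03T10:53:04 type=ids src=10.0.0.12:1045 payload="NICK [M][n3w3rXQ12"
2005-08-03T10:53:05 type=ids src=10.0.0.12:1045 payload="JOIN #.n3wer.#"
2005-08-03T10:53:06 type=ids src=10.0.0.30:2211 payload="JOIN #help"
"""

_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(line):
    """Turn 'k=v k2="v with spaces"' into a dict; quoted values lose their quotes."""
    fields = {}
    for key, value in _FIELD_RE.findall(line):
        fields[key] = value[1:-1] if value.startswith('"') else value
    return fields


def classify(line):
    """Return the reasons a line matches Pakes.02 C2 activity (empty list if none)."""
    f = parse_fields(line)
    reasons = []
    if f.get("query", "").lower() == C2_HOST:
        reasons.append("dns lookup of C2 host")
    if f.get("dst", "").endswith(f":{C2_PORT}"):
        reasons.append(f"connection to C2 port {C2_PORT}")
    payload = f.get("payload", "")
    if payload.startswith("NICK ") and payload[5:].startswith(C2_NICK_PREFIX):
        reasons.append("IRC NICK with bot prefix")
    if payload.startswith("JOIN ") and payload[5:].strip() == C2_CHANNEL:
        reasons.append("IRC JOIN of C2 channel")
    return reasons


def detect_c2(log_text):
    """Scan log text; return [(src, reasons, line)] for each matching line."""
    hits = []
    for line in log_text.splitlines():
        reasons = classify(line)
        if reasons:
            hits.append((parse_fields(line).get("src", "?"), reasons, line))
    return hits


def infected_hosts(log_text):
    """Source IPs (port stripped) with at least one C2 indicator."""
    return {src.split(":")[0] for src, _, _ in detect_c2(log_text)}


if __name__ == "__main__":
    for src, reasons, line in detect_c2(SAMPLE_LOG):
        print(f"[!] {src}: {', '.join(reasons)}")
    print("hosts to isolate:", sorted(infected_hosts(SAMPLE_LOG)))
```

Hosts returned by `infected_hosts()` are candidates for isolation and the host-side checks from the Files and Registry sections; the DNS and port indicators are also the natural input for an egress block on irc.mysupanet.biz and TCP/24556. Because the worm also carries a list of weak credentials and the MS03-026/MS04-011 exploits, any host that talked to the C2 should be assumed to have scanned its local network, and neighbouring hosts deserve the same checks.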
Process termination
List of terminated processes:
• i11r54n4.exe; irun4.exe; d3dupdate.exe; rate.exe; ssate.exe;
winsys.exe; winupd.exe; SysMonXP.exe; bbeagle.exe; Penis32.exe;
teekids.exe; MSBLAST.exe; mscvb32.exe; sysinfo.exe; PandaAVEngine.exe;
wincfg32.exe; taskmon.exe; zonealarm.exe; navapw32.exe; navw32.exe;
zapro.exe; msblast.exe; netstat.exe; msconfig.exe; regedit.exe
Information theft
– Windows Product ID
– The following CD keys:
• Neverwinter Nights (Hordes of the Underdark); Neverwinter Nights
(Shadows of Undrentide); Neverwinter Nights; Soldier of Fortune II -
Double Helix; Hidden & Dangerous 2; Chrome; NOX; Command and Conquer:
Red Alert 2; Command and Conquer: Red Alert; Command and Conquer:
Tiberian Sun; Rainbow Six III RavenShield; Nascar Racing 2003; Nascar
Racing 2002; NHL 2003; NHL 2002; FIFA 2003; FIFA 2002; Shogun: Total
War: Warlord Edition; Need For Speed: Underground; Need For Speed Hot
Pursuit 2; Medal of Honor: Allied Assault: Spearhead; Medal of Honor:
Allied Assault: Breakthrough; Medal of Honor: Allied Assault; Global
Operations; Command and Conquer: Generals; James Bond 007: Nightfire;
Command and Conquer: Generals (Zero Hour); Black and White;
Battlefield Vietnam; Battlefield 1942 (Secret Weapons of WWII);
Battlefield 1942 (Road To Rome); Battlefield 1942; Freedom Force; IGI
2: Covert Strike; Unreal Tournament 2004; Unreal Tournament 2003;
Soldiers Of Anarchy; Legends of Might and Magic; Industry Giant 2;
Half-Life; Gunman Chronicles; The Gladiators; Counter-Strike (Retail)
For a brief description see the summary here.
Description inserted by Andrei Gherman on Wed, 03 Aug 2005 10:53 (GMT+1)
Description updated by Andrei Gherman on Fri, 19 Aug 2005 14:53 (GMT+1)
© 2010 Avira GmbH