PCの修理が必要ですか?
専門家に頼む
Virus:Worm/Slenfbot.151552.D.5
Date discovered:20/08/2010
Type:Worm
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:151.552 Bytes
MD5 checksum:60f0f7140c182a0c838141495624c53d
VDF version:7.10.04.181
IVDF version:7.10.10.237 - Friday, August 20, 2010

 General Methods of propagation:
   • Autorun feature
   • Local network
   • Messenger


Aliases:
   •  Bitdefender: IRC-Worm.Generic.13153
   •  Panda: W32/Slenfbot.AD
   •  Eset: Win32/AutoRun.IRCBot.DZ


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops malicious files

 Files It copies itself to the following location:
   • %drive%\gdjfyrfg.exe



The following file is created:

%drive%\autorun.inf This is a non malicious text file with the following content:
   • %code that runs malware%

 Messenger It is spreading via Messenger. The characteristics are described below:

– Xfire

 Network Infection In order to ensure its propagation the malware attemps to connect to other machines as described below.


Exploit:
It makes use of the following Exploits:
– MS04-007 (ASN.1 Vulnerability)
– MS06-040 (Vulnerability in Server Service)

 Miscellaneous  Checks for an internet connection by contacting the following web site:
   • http://www.whatismyip.org
Accesses internet resources:
   • http://s85.freefilehd.com/net/**********
   • http://195.137.213.67/net/**********

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

説明の挿入者 Petre Galan の 2011年1月18日火曜日
説明の更新者 Petre Galan の 2011年1月18日火曜日

戻る . . . .
https:// このウィンドウは暗号化されています。