Alias:Network.vbs
Type:Worm 
Size:
Origin: 
Date:00-00-0000 
Damage:Spreads over shared directories. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Low 

DistributionLooks for IP addresses and shared directories. It copies itself on them.

Technical DetailsVBS/Netlog is written in Visual Basic Script.

Version A: Netlog.A
When activated, the worm creates the log file "c:\network.log", which contains:
Log file Open

The worm generates a random IP address and writes it in the log file:

Subnet:*.*.*.0 every star ("*") is a number.

The worm connects to an IP address (1-254) and searches on all systems for access to drive C:/. If access is granted, the drive is mapped as J:/ on the infected computer and the worm writes in the log file:

Copying files to:\\*.*.*.*\C

Then the worm copies itself on the remote computer as:
j:\network.vbs
j:\windows\network.vbs
j:\windows\start menu\programs\startup\network.vbs
j:\win95\start menu\programs\startup\network.vbs j:\win95\startm~1\programs\startup\network.vbs
j:\wind95\network.vbs
This is the PC infecting procedure.

The next system start will activate the worm. When the file is copied, the log file reads:

Successfull copy to : \\*.*.*.*\C


Finally, the worm connects to the next address of SubNetz or to another random IP address and restarts the procedure.

Version B: Netlog.B
This version consists in two files. It copies itself as:
C:\windows\start menu\programs\startup\network.vbs
C:\windows\start menu\programs\startup\network.exe

It maps this drive as Z:\ (not J:\ as does version A). When creating the log file, "c:\network.log", the drive is changed accordingly.
설명 삽입자 Crony Walker   2004년 6월 15일 화요일

뒤로 . . . .

© 2013 Avira Operations GmbH & Co. KG. All rights reserved.

내 계정

https:// 이 창은 보안을 위해 암호화되었습니다.