需要修复电脑?
聘请专家
Virus:Worm/Slenfbot.151552.D.1
Date discovered:20/08/2010
Type:Worm
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:151.552 Bytes
MD5 checksum:eb705dcc0aa25f73d45aca7e48de03e6
VDF version:7.10.04.180
IVDF version:7.10.10.236 - Friday, August 20, 2010

 General Methods of propagation:
   • Autorun feature
   • Local network
   • Messenger


Aliases:
   •  Bitdefender: Worm.Generic.268425
   •  Panda: W32/Slenfbot.AD
   •  Eset: Win32/AutoRun.IRCBot.DZ


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops malicious files

 Files It copies itself to the following location:
   • %drive%\apdlgmdi.exe



The following file is created:

%drive%\autorun.inf This is a non malicious text file with the following content:
   • %code that runs malware%

 Messenger It is spreading via Messenger. The characteristics are described below:

– Xfire

 Network Infection In order to ensure its propagation the malware attemps to connect to other machines as described below.


Exploit:
It makes use of the following Exploits:
– MS04-007 (ASN.1 Vulnerability)
– MS06-040 (Vulnerability in Server Service)

 Miscellaneous  Checks for an internet connection by contacting the following web site:
   • http://www.whatismyip.org
Accesses internet resources:
   • http://s85.freefilehd.com/net/**********
   • http://195.137.213.67/net/**********

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

说明添加者: Petre Galan 打开 2011年1月18日星期二
说明更新者: Petre Galan 打开 2011年1月18日星期二

反馈 . . . .
https:// 为了你的安全,此窗口已加密。