Win32.P2P.Lorrin.A@mm (I-Worm.Mapson (KAV), W32/Mapson-A (Sophos))
SYMPTOMS:

amigos.pif, amigototote.pif, amor-por-ti.pif, antiwinlogon.pif, antrox.scr, BigBrother.pif, bugmsn.pif, chistesgraficos.pif, chupamelo.pif, comotegustan.pif, CracksPPZ.pif, cristina-aguilera.pif, defaced-madonna-site.pif, eggbrother.exe, EICAX.COM, existeee.pif, financiamiento.pif, GEDZAC.PIF, grancarnal.exe, grande.pif, hackeahotmail.pif, historial.pif, hotmail.pif, kamasutra.pif, lacosha@hotmail.com, LatinCard.pif, linuxandmicrosoft.pif, Lorenaaaa.pif, Madonna_sEXY.pif, MariaVirgen.pif, Matrix-Trailer.pif, mujeres.pif, Musica.pif, No-Spam.exe, nuevovirus.txt.pif, Oradores.pif, osamabinhuevoback.exe, parejaideal.txt.pif, petardas.pif, porqueteamo.pif, projimo.pif, relacionsexual.pif, resetarios.pif, SARS.pif, seguridad_en_hotmail.pif, serhacker.pif, Shakira.pif, solo-a-ti.pif, Spamno.pif, teamo.exe, te-pido.scr, test-idiota.pif, testpasion.pif, thalialoca.pif, TutorialVBSvirus.pif, WindowsMediaPlayerBug.pif, www.mfernanda.com, www.vsantiviru.com, www.zonaviru.com, zorrotttas.pif

These file names are also used for attachments when spreading via mail.

Presence of one of the names mentioned above in the process list (visible in Task Manager).
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Lorraine = %SYSTEM%\Lorraine.exe]

TECHNICAL DESCRIPTION:

The worm spreads itself via email, attached as mentioned before, and also by sharing itself through the most common P2P programs, as follows: eDonkey 2000, Gnucleus, ICQ, KaZaA, LimeWire, Morpheus, Grokster.

It copies itself into the following folders:

\edonkey2000\incoming\
\gnucleus\downloads\
\icq\shared files\
\KaZaA\My Shared Folder\
\kazaa lite\my shared folders\
\limewire\shared\
\morpheus\my shared folder\
\Grokster\My Grokster\

with different combinations of the following names (all generated names end with .EXE):

Desnuda en la playa, las pelotas de, Nude Pic, Sexo en la playa con, Sexy Beach, Sexy Bikini, Alejandra Guzman, Angelica Vale, Brenda, Britney Spears, Cameron dias, Celine Dion, Francini, Galilea Montijo, Halle berry, Kylie Minogue, Laura Pausini, Lili Brillanti, Lorena, Paulina Rubio, Pink, Shakira, Thalia, Ad-aware, Adobe Acrobat Reader (32-bit), AOL Instant Messenger (AIM), Biromsoft WebCam, Copernic Agent, Delphi 6, Diet Kaza, DirectDVD, DivX Video Bundle, Download Accelerator Plus, FireWorks 4, FIreWorks MX, Global DiVX Player, Grokster, ICQ Lite, ICQ Pro 2003a beta, iMesh, JetAudio Basic, Kaspersky Antivirus, Kazaa Download Accelerator, Kazaa Media Desktop, Matrix Movie, McAfee Antivirus, Microsoft Internet Explorer, Microsoft Office XP, Microsoft Windows Media Player, Microsoft Windows 2003, Morpheus, msn hack, MSN Messenger (Windows NT/2000), Nero Burning ROM, NetPumper, Network Cable e ADSL Speed, Norton Antivirus, Office 2003, Panda Antivirus, PerAntivirus, Pop-Up Stopper, QuickTime, RealOne Free Player, Registry Mechanic, SnagIt, SolSuite 2003: Solitaire Card Games Suite, Spybot - Search & Destroy, Trillian, Virtual Girl Sofia, Visual Studio Net, Winamp, WinMX, WinRAR, WinZip, WS_FTP LE (32-bit), XoloX Ultra, ZoneAlarm, crack all versions, Cracked, Full version, KeyGen

The mail addresses are collected from the MSN Messenger contact list.
As a payload, the malware displays two message boxes in July containing information about the author and the worm.

REMOVAL INSTRUCTIONS:

BitDefender can automatically disinfect or delete the files infected by this particular virus. The modified registry entries should be corrected manually.
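
The two host indicators described above (the Lorraine value under the Run key, and .EXE copies dropped into the P2P share folders) can be checked against an exported file listing and registry dump. The following is an added example, not BitDefender's own tooling; the function names, the subset of name fragments and the sample data are assumptions constructed for illustration.

```python
import ntpath  # applies Windows path rules on any OS

# Drop folders listed on the page, lower-cased, without the trailing backslash.
SHARE_DIRS = (
    r"\edonkey2000\incoming", r"\gnucleus\downloads", r"\icq\shared files",
    r"\kazaa\my shared folder", r"\kazaa lite\my shared folders",
    r"\limewire\shared", r"\morpheus\my shared folder", r"\grokster\my grokster",
)
# A few of the name fragments listed on the page (subset chosen for this example).
LURE_WORDS = ("crack all versions", "cracked", "full version", "keygen",
              "nude pic", "sexy beach", "sexy bikini", "desnuda en la playa")

def suspicious_share_files(paths):
    """Return .exe files sitting directly in a listed share folder whose name has a lure fragment."""
    hits = []
    for path in paths:
        folder = ntpath.dirname(path).lower()
        name = ntpath.basename(path).lower()
        if (name.endswith(".exe")
                and any(folder.endswith(d) for d in SHARE_DIRS)
                and any(w in name for w in LURE_WORDS)):
            hits.append(path)
    return hits

def run_key_hit(run_values):
    # run_values: value name -> data, exported from HKLM\...\CurrentVersion\Run.
    for name, data in run_values.items():
        target = ntpath.basename(data.strip().strip('"')).lower()
        if name.lower() == "lorraine" and target == "lorraine.exe":
            return True
    return False

# Constructed sample inventory (not taken from a real host).
SAMPLE_PATHS = [
    r"C:\Program Files\KaZaA\My Shared Folder\Winamp KeyGen.exe",
    r"C:\Program Files\KaZaA\My Shared Folder\holiday.jpg",
    r"C:\Program Files\LimeWire\Shared\WinZip Full version.exe",
    r"C:\Tools\WinRAR\WinRAR.exe",
    r"C:\Program Files\edonkey2000\incoming\report.exe",
]
SAMPLE_RUN = {"Lorraine": r"C:\WINDOWS\system32\Lorraine.exe",
              "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe"}

if __name__ == "__main__":
    for hit in suspicious_share_files(SAMPLE_PATHS):
        print("share-folder lure:", hit)
    print("Run key indicator present:", run_key_hit(SAMPLE_RUN))
```
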

ANALYZED BY:

Ciubotariu Mircea, BitDefender Virus Researcher