WORM_ZOMBAQUE.AA
Aliases: Worm:Win32/Zombaque.A (Microsoft), Trojan.Win32.Genome.acbxn (Kaspersky), W32.Spybot.Worm (Symantec), BackDoor-AWQ.b (McAfee)
Platform: Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
Threat Type: Worm
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It opens certain ports to access shared networks.
TECHNICAL DETAILS
File Size: 318,464 bytes
File Type: EXE
Yes
14 Sep 2012
Arrival Details
This worm may arrive via network shares.
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This worm drops the following files:
- {malware location}\ipz-db.bin
Other System Modifications
This worm adds the following registry keys:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPZ
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPZ
Propagation
This worm opens the following ports to access shared networks:
- 4899