Keyword: worm_klez.a
100207 Total Search
Showing Results: 1 - 20
Autostart Technique: This worm registers itself as a system service to ensure its automatic execution at every system startup by adding the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details: This worm arrives on a system as a file
To get a one-glance comprehensive view of the behavior of this worm, refer to the Threat Diagram shown below. This worm may arrive bundled with malware packages as a malware component. It may be
WORM_DOWNAD.E WORM_DOWNAD.A WORM_DOWNAD.A was the first iteration of this threat. This worm exploited the Server Service Vulnerability in various Windows OS versions in order to propagate via network shares. A
Upon execution, this worm sends an HTTP request to its C&C to download a file. It saves the downloaded file as %Current%\123.tmp, which contains a download link of a torrent file pointing to a
This worm and its variant CODERED.B pose minimal risk to most PCs. It uses a remote buffer overflow vulnerability in Internet Information Service (IIS) Web Servers that can give system-level
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops copies of itself
This worm arrives via peer-to-peer (P2P) shares. It arrives via removable drives. It arrives by accessing affected shared networks. It arrives on a system as a file dropped by other malware or as a
Worm, refer to the Threat Diagram shown below. This worm arrives via removable drives. It exploits software vulnerabilities to propagate to other computers across a network. It hides files, processes,
This worm uses Remote Desktop Protocol (RDP) for its propagation routines. This worm registers ntshrui.dll (copy of clb.dll) as a service by creating a certain registry entry. It then adds this service
applications. This worm also downloads a backdoor, detected by Trend Micro as BKDR_BIFROSE.SMU. It also deletes services that disable antivirus applications, rendering the affected system unprotected.
This worm exploits a vulnerability in Server service that, when exploited, allows a remote user to execute arbitrary code on the infected system in order to propagate across networks. To get a
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF
registry entries so they can execute every time an infected system boots up. These also connect to several sites to wait for commands from remote malicious users, hence compromising the systems’ security. A
This worm arrives as an attachment to mass-mailed email messages. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It
This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
from visiting antivirus-related websites that contain specific strings. Arrival Details: This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details: This worm may arrive via network shares.
IP address. WORM_DORKBOT variants connect to an IRC server to join a channel. To generate the NICK or user name, they access http://api.wipmania.com/ to get the geographical location and IP address of