Search
Keyword: worm_opaserv.a
This worm uses Remote Desktop Protocol (RDP) for its propagation routines. To get a one-glance comprehensive view of the behavior of this Worm, refer to the Threat Diagram shown below. This worm
containing a copy of itself to harvested email addresses. This worm does not have any downloading capability. This worm does not have any information-stealing capability. This worm arrives as attachment to
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It gathers target email addresses from the Windows Address
This worm arrives as attachment to mass-mailed email messages. It may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It drops an
This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
Autostart Technique This worm registers itself as a system service to ensure its automatic execution at every system startup by adding the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM
causing it to crash once in a while if certain error occurs. The worm contains SMTP (Simple Mail Transfer Protocol) commands to connect to the SMTP server, smtp.{BLOCKED}a.com.cn . It generates an email
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It uses Windows Task Scheduler to create a scheduled task
This Worm arrives as an attachment to email messages mass-mailed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
This worm arrives as attachment to mass-mailed email messages. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It
Facebook and a fake Youtube page. To get a one-glance comprehensive view of the behavior of this Worm, refer to the Threat Diagram shown below. This worm may be downloaded by other malware/grayware/spyware
target vulnerable system, the shellcode is decrypted, and then retrieves certain APIs capable of downloading a copy of the worm from the affected system, which is already converted into an HTTP server. The
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any backdoor routine. It does not have
This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
comprehensive view of the behavior of this Worm, refer to the Threat Diagram shown below. This worm is capable of propagating in a local network when an infected machine is found in the said network. It also
Trend Micro has received multiple samples of this worm from multiple, independent sources, including customer reports and internal sources. These indicate that this worm poses a high risk to users
This worm poses as a font file and uses the LNK vulnerability to propagate. There has also been an increase in customer infection because of this malware. To get a one-glance comprehensive view of
This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious