You should be cautious when you receive an email like this:

[Image: winer]

An email with an attractive subject and content, accompanied by an attached file, is the typical pattern for spreading worms. You need to be prudent when you receive emails of unknown origin like this. Sometimes the email itself has no content at all, but its attached file has an attractive name that raises curiosity. When you open the attachment, the malicious code is executed on your computer. The hacker can then steal sensitive information and control your computer for spamming or DDoS attacks.

Thus, you should be cautious when receiving new information and, at the same time, keep your antivirus software constantly updated.

Below is the detailed analysis of the worm:

·         Name: W32.Winer.Worm

·         Family: W32.Winer.Worm

·         Type: Worm

·         Origin:

·         Discovered: November 06, 2009

·         Size: 19Kb

·         Severity: Medium

Risks:

·         Reduces system security level.

Symptoms:

·         Registry modified. 

·         Automatically sends spam emails.

Infection methods:

·         Spread via emails.

Prevention:

·         Do not open unknown attachments, especially files with .exe, .com, .pif and .bat extensions.

Technical details:

·         Drops the file "ifmq.kqo" into the folder %SysDir%.

·         Downloads and installs backdoors on compromised computers. 

·         Modifies the "Shell" value in the key HKLM\...\Winlogon to activate the virus at Windows start-up.

·         Automatically sends spam with content taken from the server: http://193.104.27.91/li[removed]popo/bb.php?id=&v=200&tm=2&b=200
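
The two host indicators above (the changed "Shell" value and the dropped file) can be checked with a short triage script. This is an added example, not part of the original analysis: it parses saved `reg query` output for the Winlogon key and a %SysDir% file listing, the sample inputs are constructed, and the function names are hypothetical.

```python
import re

EXPECTED_SHELL = "explorer.exe"  # Windows default data for the Winlogon "Shell" value
DROPPED_FILE = "ifmq.kqo"        # file name given in the technical details above

# A value line of `reg query` output: indented name, REG_* type, then data.
VALUE_LINE = re.compile(r"^\s+(?P<name>\S+)\s+REG_\w+\s*(?P<data>.*)$")

# Constructed samples; the key path is elided exactly as in the article.
CLEAN_QUERY = r"""
HKEY_LOCAL_MACHINE\...\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
    Shell    REG_SZ    explorer.exe
"""
TAMPERED_QUERY = r"""
HKEY_LOCAL_MACHINE\...\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
    Shell    REG_SZ    explorer.exe C:\Windows\System32\constructed-example.exe
"""
SAMPLE_LISTING = ["kernel32.dll", "IFMQ.KQO", "notepad.exe"]  # constructed

def winlogon_shell(reg_query_output):
    """Return the data of the "Shell" value, or None if it is absent."""
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group("name").lower() == "shell":
            return m.group("data").strip()
    return None

def shell_is_modified(reg_query_output):
    """True when "Shell" is missing or is anything other than explorer.exe."""
    shell = winlogon_shell(reg_query_output)
    return shell is None or shell.lower() != EXPECTED_SHELL

def dropped_file_present(sysdir_listing):
    """True when the dropped file name appears (case-insensitively) in the listing."""
    return any(name.strip().lower() == DROPPED_FILE for name in sysdir_listing)

def triage(reg_query_output, sysdir_listing):
    """Collect human-readable findings for one host."""
    findings = []
    if shell_is_modified(reg_query_output):
        findings.append('Winlogon "Shell" is %r, expected %r'
                        % (winlogon_shell(reg_query_output), EXPECTED_SHELL))
    if dropped_file_present(sysdir_listing):
        findings.append("%s found in %%SysDir%%" % DROPPED_FILE)
    return findings

if __name__ == "__main__":
    for finding in triage(TAMPERED_QUERY, SAMPLE_LISTING):
        print(finding)
```

A non-default "Shell" value is not proof of infection, since kiosk and custom-shell setups change it on purpose, so treat a finding as a reason to inspect the host further.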

 


Analyst : Nguyen Cong Cuong

 
