Quote:
Originally posted by DonovanPhillips
SOMEBODY better take the blame.
This is a mass-mailing worm with the following characteristics:
contains its own SMTP engine to construct outgoing messages
harvests email addresses from the victim machine
the From: address of messages is spoofed
attachment can be a password-protected zip file, with the password included in the message body.
contains a remote access component (notification is sent to hacker)
copies itself to folders that have the phrase shar in the name (such as common peer-to-peer applications: KaZaa, Bearshare, Limewire, etc.)
uses various mutex names selected from those W32/Netsky variants have used, in order to prevent those W32/Netsky variants running on infected machines
terminates processes of security programs and other worms
deletes registry entries of security programs and other worms
Damn, sounds like some hacker is going to make a dime or two. I don't understand why stuff like this is so hard to track down. Let a machine get infected and trace the e-mails, then track the guy down by his affiliate IDs. But he's probably from some 3rd world country so it's useless.
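
For the password-protected zip attachment in the list above: a mail gateway cannot scan inside such an archive, but it can still see that the members are encrypted and hold the message. This is an added example in Python, not part of the original post; the function names, addresses, file names and the sample message are constructed for illustration.

```python
import email
import io
import zipfile
from email.message import EmailMessage


def encrypted_zip_attachments(raw: bytes) -> list[str]:
    """Return names of attachments that are ZIP archives with encrypted members."""
    msg = email.message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        data = part.get_payload(decode=True)  # None for multipart containers
        if not data or not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flag marks an encrypted member.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                hits.append(part.get_filename() or "(unnamed)")
    return hits


def constructed_sample(encrypted: bool) -> bytes:
    """Build a sample message (constructed here, not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt", "harmless placeholder")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so the encryption bit is
        # set by hand in the central directory header (flags at offset 8).
        cd = blob.rfind(b"PK\x01\x02")
        blob[cd + 8] |= 0x1
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("The password is 12345")
    msg.add_attachment(bytes(blob), maintype="application",
                       subtype="zip", filename="info.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(encrypted_zip_attachments(constructed_sample(True)))
```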