December 30, 2010

Worm_Lamin.AC

This worm will propagate via instant messaging applications online like yahoo messenger, Gtalk, msn Messenger or Digsby.


Effects: 

  • Deletes registry  that are related to anti-virus and security applications resulting in improper functioning of anti-virus programs leaving the system security at risk
  • It disables security center functions like firewall security updates
  • Disables Internet connection sharing service which will disable sharing
  • It sends a copy of its link in the instant messages
It drops files following files in the system :

  • %Program Files%\Microsoft Office\OFFICE11\services.exe
  • %Program Files%\Microsoft Office\OFFICE11\WINWORD.EXE
  • %User Startup%\Adobe Gamma Loader.com

  1. These dll files are loaded into the system program files Drvics32.dl, hjwgsd.dll, jwiegh.dll, PUB60SP.mrc, remote.ini, yofc.dll, ruimsbbe.dll, smss.exe and creates an auto start entry in the registry attacking the word file. 
  2. It also disables registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot which will not allow us to boot in safe mode and explorer, shared access, services related registry entry's values will be changed to 4.  
  3. It also pings many sites that are harmful using command prompt.
  4. The sent spam messages are predetermined, which is listed in HJWGSD.DLLl, and contains the link http://bukuger{BLOCKED}.hared.com. Copies of the malware maybe downloaded from this site, which is currently inaccessible.    
So please be aware while clicking on any links in any instant messenger sites.

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog

Followers

Categories

Twitter Delicious Facebook Digg Stumbleupon Favorites More