Risk Assessment: Low
Date Discovered: 7/10/2006
W32/Mandei.worm is an instant messaging worm that propagates over MSN Messenger and targets the Win32 platform.
When run, the worm may send a message containing a website link to the user's MSN contact list. The message could look like the following:
"Voce je viu a montagem q fizero com suasfotos e Eu Particularmente achei uma brincadeira de muitomau gosto... Veja as fotos voce mesmo -->>http://mywebpage.netscape.com/net(hidden)/Fotos.scr"
This link typically contains a PWS-Banker variant that could monitor/steal Internet banking passwords.
After execution, W32/Mandei.worm sets the hidden file attribute on itself and remains resident in memory.
Indications of Infection
The following registry key may be added to execute the trojan on Windows startup:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnmsgr = "%Windir%\System32\msnmsgr.exe"
(Where %Windir% is the Windows folder, e.g. C:\Windows)
Presence of one or more of the following file(s):
- %Windir%\System32\msnmsgr.exe
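A host check for the indicators listed above, written as an added example (it is not part of the original advisory or any vendor tool). It assumes PowerShell 4 or later run with administrative rights; the `$findings` structure and output wording are illustrative.

```powershell
# Indicators taken from the advisory above.
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'msnmsgr'
$filePath  = Join-Path $env:windir 'System32\msnmsgr.exe'
$findings  = @()

# 1. Autostart entry: Run value named "msnmsgr" and where it points.
$run = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($run) {
    # Expand %Windir% and strip quotes so the comparison is on the real path.
    $data = [Environment]::ExpandEnvironmentVariables($run.$valueName).Trim('"')
    $findings += [pscustomobject]@{
        Indicator = 'Run value'
        Detail    = $data
        Match     = ($data -ieq $filePath)   # True only for the System32 path
    }
}

# 2. Dropped file. -Force is required because the worm hides itself.
$file = Get-Item -LiteralPath $filePath -Force -ErrorAction SilentlyContinue
if ($file) {
    $hidden = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
    $hash   = (Get-FileHash -LiteralPath $filePath -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Indicator = 'File present'
        Detail    = "$filePath hidden=$hidden sha256=$hash"
        Match     = $true
    }
}

# 3. Memory-resident copy: a msnmsgr process whose image is the System32 file.
Get-Process -Name msnmsgr -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -ieq $filePath } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Indicator = 'Process'
            Detail    = "PID $($_.Id) running from $($_.Path)"
            Match     = $true
        }
    }

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No indicators from this advisory were found on this host.'
}
```

A Run value named `msnmsgr` with `Match = False` points somewhere other than the System32 path given in the advisory and should be reviewed separately rather than treated as this worm.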
This worm propagates over the MSN Messenger network by sending messages to the contact list containing a malicious web link.
Source: McAfee