WORM_GRIDER.B

This worm may be dropped by other malware. It may arrive via network shares. It may be installed manually by a user. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It floods the current folder using copies of a certain non-malicious file. It creates registry entries to enable its automatic execution at every system startup.

This worm propagates by dropping a copy of itself into all folders, as well as shared folders and mapped drives. It uses the name of the current folder as the file name of its dropped copies. As a result, it may replace normal files with a copy of itself if these normal files also use the folder name in their file names.

It then searches for certain files in the current folder, which it needs in order to run properly. These files are non-malicious and are used in MS Visual Basic applications to add socket programming functionality.

It opens a random port to allow a remote user to connect to the affected system. Once a connection is established, the remote user can execute commands on the affected system. This routine effectively compromises the affected system's security. It also connects to Web sites.

Original Source: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GRIDER.B
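The folder-name propagation described above leaves a pattern a defender can hunt for: the same file, byte for byte, sitting in several folders and named after each one. The following is an added example, not code from the original write-up; the function names are hypothetical, and it assumes the dropped copies are Windows executables, which the description does not state.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def is_pe(path):
    """Assumption (not from the page): copies are Windows executables, so check the 'MZ' magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_folder_named_copies(root, min_folders=2):
    """Map SHA-256 -> sorted paths of identical executables each named after its parent folder."""
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in files:
            stem = os.path.splitext(name)[0].lower()
            path = os.path.join(dirpath, name)
            # One folder-named executable is common; identical ones in many folders is not.
            if stem == folder and is_pe(path):
                by_hash[sha256_of(path)].append(path)
    return {h: sorted(p) for h, p in by_hash.items() if len(p) >= min_folders}

def build_demo_tree(root):
    """Constructed sample tree: the same fake 'MZ' blob in two folders, plus benign files."""
    payload = b"MZ" + b"\x00" * 64  # constructed bytes, not real malware
    for folder in ("Reports", "Photos"):
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, folder + ".exe"), "wb") as fh:
            fh.write(payload)
    with open(os.path.join(root, "Reports", "Reports.txt"), "wb") as fh:
        fh.write(b"plain text that shares the folder name")
    with open(os.path.join(root, "Photos", "setup.exe"), "wb") as fh:
        fh.write(payload)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        print(find_folder_named_copies(tmp))
```

Raising `min_folders` cuts false positives from legitimate software that ships an executable named after its install folder.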