WORM_ONLINEG.FLU |
|
| BugsAlert Home > WORM_ONLINEG.FLU | |
|
This worm drops several files, some of which are detected as TROJ_NSANTI.FW. A dropped .DLL component is then injected as thread into running processes, particularly EXPLORER.EXE, for it to remain memory-resident. This makes it difficult to terminate. The dropped .DLL component also serves as the information-theft and propagation component. This worm drops copies of itself in all physical and removable drives. It also drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed. This worm monitors the following processes to steal sensitive information, such as user names and passwords, related to certain online games. This worm accesses a URL to download an updated version of itself. It then executes the downloaded file. As a result, new behaviors of this worm may be exhibited on the affected system. It then adds a registry key and entry to record its latest version. Original Source: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ONLINEG.FLU Learn more about WORM_ONLINEG.FLU |
|
| Tags: worm onlineg.flu | |
Related Items |
|
|
FrSIRT - HP StorageWorks Storage Mirroring Code Execution Vulnerability
|
|
|
Mark Finkle: XULRunner 1.9.0.6
|
|
|
WORM_STRAT.GEN-3
|
|
|
Bugtraq: iDefense Security Advisory 02.08.08: Adobe Reader Security Provider Unsafe Libary Path Vulnerability
|
|
|
Linksys WVC54GC Information Disclosure and ActiveX Control Buffer Overflow
|
|
|
CVE-2008-0224 (RunCMS)
|
|
|
Jay Sullivan: Your Firefox in the cloud: Firefox Sync and Firefox Home
|
|
