Bugsalert.com
Security News about Viruses, Spyware,
Trojans, Malware, XSS attacks.
Home | Recent | Sitemap

WORM_ONLINEG.FLU
BugsAlert Home > WORM_ONLINEG.FLU
 
 

This worm drops several files, some of which are detected as TROJ_NSANTI.FW.

A dropped .DLL component is then injected as thread into running processes, particularly EXPLORER.EXE, for it to remain memory-resident. This makes it difficult to terminate. The dropped .DLL component also serves as the information-theft and propagation component.

This worm drops copies of itself in all physical and removable drives. It also drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.

This worm monitors the following processes to steal sensitive information, such as user names and passwords, related to certain online games.

This worm accesses a URL to download an updated version of itself. It then executes the downloaded file. As a result, new behaviors of this worm may be exhibited on the affected system. It then adds a registry key and entry to record its latest version.




Original Source: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ONLINEG.FLU

Learn more about WORM_ONLINEG.FLU
 
Tags: worm onlineg.flu

Related Items
      FrSIRT - HP-UX System Administration Manager Remote Access Vulnerability

      CVE-2008-0763 (Network Print Server)

      New Old Bills: The Rechnung Revivals

      CVE-2008-0308 (Symantec AntiVirus Network Attached Storage, Symantec AntiVirus Scan Engine, Syma...)

      CVE-2008-4731 (yacy)

      POSSIBLE_HAMWEQ

      Debian update for samba

 
© 2007-2009 BugsAlert.com Original template by Arcsin Hosted By 1and1


Pixel