WORM_SOHANAD.BO |
|
| BugsAlert Home > WORM_SOHANAD.BO | |
|
This worm drops files/components. It then creates and modifies registry entries to ensure automatic execution at every system startup. This worm propagates via Yahoo! Messenger. It does the said routine by sending an instant message to all contacts of a target user. The message it sends contains a link to a remote copy of itself. When the recipient clicks the link, its copy is executed on the recipients' system.It opens random TCP ports where it listens for remote commands from malicious user. It executes these commands locally on the affected system, thus compromising the system security. It displays the following message box:
Original Source: http://feeds.trendmicro.com/~r/MalwareTop10/~3/157119429/default5.asp Learn more about WORM_SOHANAD.BO |
|
| Tags: worm sohanad.bo | |
Related Items |
|
|
CVE-2008-4865 (valgrind)
|
|
|
CVE-2008-1427 (Acajoom, com_acajoom)
|
|
|
Security Scans with OpenVAS
|
|
|
Gentoo: KDE start_kdeinit Multiple vulnerabilities
|
|
|
FrSIRT - SuSE Security Update Fixes Kernel Security Bypass and DoS Issues
|
|
|
Red Hat Conga "ricci" Denial of Service Vulnerability
|
|
|
FrSIRT - Opera Browser Code Execution and Security Bypass Vulnerabilities
|
|
