WORM_SOHANAD.FM |
|
| BugsAlert Home > WORM_SOHANAD.FM | |
|
This worm may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. Upon execution, this worm drops several copies of itself. It then uses the Windows Task Scheduler to create a scheduled task that executes the dropped copy. This worm also creates a registry entry to enable its automatic execution at every system startup. It also drops non-malicious component files with Hidden and System attributes. It modifies a registry entry to enable its automatic execution at every system startup. This worm also creates registry entries to disable the Task Manager. This worm drops copies of itself in all physical and removable drives. It also drops an AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed. This worm connects to URLs to download possibly malicious files. As of this writing, however, the said URLs are inaccessible. Original Source: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOHANAD.FM Learn more about WORM_SOHANAD.FM |
|
| Tags: worm sohanad.fm | |
Related Items |
|
|
Spam evolution: April – June 2008
|
|
|
CVE-2008-4912 (fotogalerie)
|
|
|
FrSIRT - Fedora Security Update Fixes SWORD Code Injection Vulnerability
|
|
|
Abused Blogs, Poisoned Searches, and Malicious Codecs
|
|
|
Moodle Script Insertion and Cross-Site Request Forgery
|
|
|
Avaya Products OpenSSL Vulnerabilities
|
|
|
FrSIRT - Gentoo Security Update Fixes Postfix Privilege Escalation Vulnerabilities
|
|
