Like most worms from the WORM_AHKER family, this variant also arrives as an attachment to email messages.
It propagates by mass-mailing a copy of itself to target addresses collected from an affected machine.
However, this worm deviates slightly from previously described WORM_AHKER variants in the way it sends email messages. It does not generate random messages from a combination of available selections. Instead, it sends out unique email messages, each with its own subject, sender's address, and message. This makes spotting malicious email from this worm much easier.
It gathers target email addresses from the Temporary Internet Files folder as well as from files with specific file name extensions.
Besides mass-mailing copies of itself, this worm may also download a specific file, terminate a popular download utility, and perform a denial of service (DoS) attack on a specific target Web site. To fully view its malicious capabilities, please continue to the Technical Details section.
source: trendmicro.com