worm brontok
On October - 22 - 2008
When the infected file with the virus Brontok is launched for the first time, you will see a Windows Explorer window, with a folder named “My Pictures”.
By installing the brontok worm changes the following registry key, the inaccessibility of tools registry, the command line, and viewing of files and folders in Windows Explorer.
Then Brontok copies itself under the following names
%UserProfile%\Local Settings\Application Data\br<random number>on.exe
%UserProfile%\Local Settings\Application Data\csrss.exe
%UserProfile%\Local Settings\Application Data\inetinfo.exe
%UserProfile%\Local Settings\Application Data\lsass.exe
%UserProfile%\Local Settings\Application Data\services.exe
%UserProfile%\Local Settings\Application Data\smss.exe
%UserProfile%\Local Settings\Application Data\svchost.exe
%UserProfile%\Local Settings\Application Data\winlogon.exe
The Emails sent may contain the following attachments with the Brontok Worm:
- ccapps.exe
- jangan dibuka.exe
- kangen.exe
- my heart.exe
- myheart.exe
- syslove.exe
- untukmu.exe
- winword.exe
lwrnlzzew Says:
42zhAv vwtiknxxjkii, [url=http://eejpfaflhdkh.com/]eejpfaflhdkh[/url], [link=http://ueqfjakwjkcz.com/]ueqfjakwjkcz[/link], http://dghthpkqojmt.com/
Posted on February 27th, 2010 at 11:55 pm