Alias: W32/Warpi.worm.gen (McAfee),
Win32/Warpigs.B.Worm,
Worm.Win32.Warpigs (Kaspersky)
Category: Win32
Type: Worm
Published Date: 12/11/2003
Last Modified: 12/11/2003
CHARACTERISTICS
Win32.Warpigs.B is a UPX-packed, 67,104 byte worm that spreads via network shares. It also contains backdoor functionality that allows unauthorized accesss to a victim's machine.
Method of Installation
When executed, Win32.Warpigs.B copies itself to the %System% directory as WINUPDATE.EXE and then deletes the original copy that was executed.
It also adds itself to the registry to ensure that this copy is run at each Windows start:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate = "winupdate.exe"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\WindowsUpdate = "winupdate.exe"
The run key in SYSTEM.INI is also modified to run winupdate.exe upon startup:
[boot]
shell="explorer.exe winupdate.exe"
http://www3.ca.com/virusinfo/virus.aspx?ID=37741

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic