Virus type: Worm
This worm propagates via network shares. It drops copies of itself on shares that have full access rights, while on those that have restricted access rights, it attempts to force its way into the system using a list of user names and passwords.
It also has backdoor functionalities. It has a built-in Internet Relay Chat (IRC) client engine which enables it to connect to an IRC channel, where it waits for commands from a remote user.
These commands can do the following:
Send the following information about the infected system:
Size of memory
Windows platform, build version and product ID
Currently logged on user
Disable network shares
Terminate the malware
Resolve IP or host name by DNS
Retrieve malware status
Execute a .EXE file
Open a file
Flush DNS cache
Disconnect/Reconnect from IRC server
Change IRC server
Join a channel
Leave a channel
Send a private message through IRC
Update the malware through HTTP or FTP
Download and execute a file from an HTTP or FTP server
Shut down computer
Log off current user
List all running processes
Kill a process
This worm steals CD keys of several software.
Pint-size luxury and funky style
Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.