検索:
ホーム   »     »   Yet another IM worm: WORM_SDBOT.CWG

Yet another IM worm: WORM_SDBOT.CWG

  • 投稿日:2005年12月23日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0


This worm may propagate through the following techniques:



  • AOL Instant Messenger (needs a remote-user-intervention)
  • Internet Relay Chat
  • Microsoft Vulnerabilities (MS04-007& MS05-039)
This malware uses anti-debugging technique. It uses the IsDebuggerPresent API and also it detects VMWare. The IsDebuggerPresent API checks if the malware is being debugged. For the VMWare, it checks the registry entry if the VMWare tools is installed.

Most of its strings are encrypted using its own encryption table. One noticeable string on its body, upon decryption, is “[Reptile – 0.33]”.

So if you are not sure if the link being sent to you on Instant Messenger(et. al., AOL, Yahoo, MSN), DO NOT click the link.

For complete technical analysis and removal instructions, please see the links below:
WORM_SDBOT.CWG Technical Details
WORM_SDBOT.CWG Removal Instructions

No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.