Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

New worm disables Security Software

Sanbeltblog reported about new World Cup Soccer Worm. The worm arrives as an E-mail attachment with one of the following subjects and message bodys:

Subjects:

1. Soccer fans killed five teens
2. Crazy soccer fans
3. Please reply me Tomas
4. My tricks for you
5. Naked World Cup game set
6. My sister whores, shit i dont know

Message Bodies:

1. Soccer fans killed five teens, watch what they make on photos. Please report on this all who know.
2. Crazy soccer fans killed two teens, watch what they make on photos. Please report on this all who know.
3. I wait your photos from New York. I sent my pics where i naked for you. Please reply me. Linda Salivan
4. Nudists are organising their own tribute to the world cup, by staging their own nude soccer game, though it is not clear how the teams will tell each other apart. Good photos ;)
5. Emily Carr was an artist know for her prudery, but now the Portrait Gallery of Canada has aquired a nude self-portrait. View photos.

Upon execution, the worm copies itself to the following location:

%Sysdir%\msctools.exe

Attempts to download additional malware:

http://couple{removed}.com/tumbs/dianaimg.exe

The worm also attempts to disable the following processes:

AVP32.EXE, AVPCC.EXE, AVPM.EXE, AVP.EXE, iamapp.exe, iamserv.exe, FRW.EXE, blackice.exe, blackd.exe, zonealarm.exe, vsmon.exe, VSHWIN32.EXE, VSECOMR.EXE, WEBSCANX.EXE, AVCONSOLE.EXE, VSSTAT.EXE, OUTPOST.EXE, REGEDIT.EXE, NETSTAT.EXE, TASKMGR.EXE, MSCONFIG.EXE, NAVAPW32.EXE, UPDATE.EXE, msctools.exe

Share and Enjoy:

  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Slashdot
  • Twitter
June 20, 2006 on 7:41 pm | In Worms | 2 Comments |


2 Comments »

RSS feed for comments on this post. TrackBack URI

  1. HI SALAM

    Comment by FARSHAD — March 15, 2009 #

  2. The worm also attempts to disable the following proc

    Comment by FARSHAD — March 15, 2009 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.