Freedesktop (W32/Win64.A), a mass-mailing worm

Andr0m3da

Power Member
Today, the Oxygen3 24h-365d report deals with
Freedesktop (W32/Win64.A), a mass-mailing worm designed to propagate
rapidly, and a Trojan called Backdoor/CCInvader2.

Freedesktop uses 'social engineering' techniques in the e-mail it uses to
spread. In fact, it gets into systems in a file whose name is that of a fake
Internet address "w w w.freedesktopthemes.com". Through this disguise, it
tries to trick users into believing that they have received a web address
from which they can download desktop themes. However, if the user runs the
attached file, Freedesktop will send itself out to every entry it finds in
the Windows and any mail program's address books. Moreover, the worm looks
for the default mail server in order to connect to it directly and send
itself massively.

At regular intervals, Freedesktop attempts to connect to 19 URLs belonging
to different communications companies in order to provoke a DoS (Denial of
Service) attack on their servers. Furthermore, the worm creates a file
called "status.ini" in the affected computer. In computers whose operating
system is in English, Freedesktop also generates a file named "setup.exe" in
the Windows startup directory. In this way, the worm ensures it is run on
every system startup.

Backdoor/CCInvader2 is a Trojan that modifies the Windows Registry and
carries out a number of actions on the affected computer: it opens and
closes the CD-ROM tray, manages files, controls the monitor, etc.
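
The attachment disguise described in the report works because ".com" is both a top-level domain and an extension Windows executes. The following mail-filter check is an added example, not part of the original post or the Oxygen3 report; the function names and the sample filenames are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# A filename shaped like a web address that ends in ".com": either "www.<label>.com"
# or any multi-label host name. A plain DOS-style name such as "edit.com" does not match.
URL_SHAPED_COM = re.compile(
    r"^(www\.[a-z0-9-]+|([a-z0-9-]+\.)+[a-z0-9-]+)\.com$", re.IGNORECASE
)

def suspicious_attachments(raw_message: str) -> list[str]:
    """Return attachment filenames that read as a URL but would run as a .com program."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts without a filename
        if name and URL_SHAPED_COM.match(name.strip()):
            hits.append(name.strip())
    return hits

def build_sample(filename: str) -> str:
    """Build a constructed test message carrying one attachment with the given name."""
    m = EmailMessage()
    m["From"] = "sender@example.org"      # constructed addresses
    m["To"] = "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("Desktop themes attached.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for fname in ("www.example-themes.com", "edit.com", "notes.txt"):
        print(fname, "->", suspicious_attachments(build_sample(fname)))
```

A gateway would normally quarantine every executable attachment regardless of name; this check only isolates the URL-lookalike case so it can be reported separately.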
 
Backdoor/CCInvader2 is a Trojan that modifies the Windows Registry and carries out a number of actions on the affected computer: it opens and
closes the CD-ROM tray, manages files, controls the monitor, etc.
netbus version 1.0 :P
 