[pchelpers] Re: News:Kucoo Worm Spreads Via Shared Drives

Hi John,
I was reading your post. That worm is terrible, my goodness. Is there an
antidote for that?
It's like a cup of poison that spreads everywhere. Have they released anything
yet that will clean and destroy it? I can just imagine a network of 200
computers, ugghhh!! What a mess.

----- Original Message ----- 
From: "John Durham" <john.modec@xxxxxxxxxx>
To: "PC-Helpers" <pchelpers@xxxxxxxxxxxxx>
Sent: Tuesday, March 18, 2008 2:55 PM
Subject: [pchelpers] News:Kucoo Worm Spreads Via Shared Drives


> March 18, 2008
>
> At least two security vendors have issued alerts for W32/Kucoo, a worm
> that infects Windows systems and spreads through shared network
> drives.
>
> Upon execution, the worm copies itself as the following files:
>
>  * smss.exe in the Current UserProfile\Application Data folder,
>  * smss.exe in the Windows\inf folder,
>  * Sexy Girls.scr in the Windows System folder.
>
> The Trojan modifies the registry at the following locations to load itself
> during each startup:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FrameWorkService
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NT_Authority
>
> It spreads itself via network shares by copying itself to all the mapped
> network drives as (User_Name)_Fichiers.exe, ..exe and ...exe.
>
> The Trojan also copies itself to all the subfolders of the mapped
> network drives as (sub_folder name).exe.
>
> Sourced from:
> http://www.esecurityplanet.com/alerts/article.php/3734871
>
> More information at:
> http://vil.nai.com/vil/content/v_144253.htm
> -- 
> John Durham
> Site http://modecideas.com
> Server hosted on Ubuntu 4.10
> Good advice is like good paint. It only works when applied.
>



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.
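
Added example, not part of the original messages or the vendor alerts: a Python triage function that flags entries in a file listing (for example, an inventory of a file server's shares) whose names match the copies described in the quoted alert. The sample paths are constructed; treating `..exe` and `...exe` as literal file names and `system32`/`system` as the "Windows System folder" are assumptions.

```python
from pathlib import PureWindowsPath

# Names from the quoted alert, mapped to the folders it says they are dropped in.
# Assumption: "Windows System folder" means a folder named system32 or system.
DROPPED = {
    "smss.exe": ("application data", "inf"),
    "sexy girls.scr": ("system32", "system"),
}
# Assumption: the alert's "..exe" and "...exe" are literal file names.
SHARE_NAMES = {"..exe", "...exe"}


def classify(path):
    """Return why a path matches the alert's naming patterns, or None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = p.parent.name.lower()  # empty string at a drive root
    if name in DROPPED and parent in DROPPED[name]:
        return "dropped copy"
    if name in SHARE_NAMES or name.endswith("_fichiers.exe"):
        return "share copy"
    # (sub_folder name).exe: an executable named after the folder holding it
    if name.endswith(".exe") and parent and name[:-4] == parent:
        return "subfolder copy"
    return None


def scan(paths):
    """Return (path, reason) for every listing entry that matches."""
    return [(p, r) for p in paths if (r := classify(p))]


# Constructed sample listing, not taken from a real system.
SAMPLE = [
    r"C:\Windows\System32\smss.exe",  # normal location, must not match
    r"C:\Windows\inf\smss.exe",
    r"C:\Documents and Settings\alice\Application Data\smss.exe",
    r"C:\Windows\System32\Sexy Girls.scr",
    r"S:\alice_Fichiers.exe",
    r"S:\..exe",
    r"S:\Projects\Budget\Budget.exe",
    r"S:\Tools\setup.exe",  # ordinary installer, must not match
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE):
        print(f"{reason:15} {path}")
```

A match is a lead to check against the vendor write-ups linked in the post, not proof of infection: legitimate software sometimes ships an executable named after its own folder.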
