[virusinfo] W32/Icpass-A

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Wed, 27 Apr 2005 09:28:40 -0700

From Sophos Alert System:

Name: W32/Icpass-A
Type: Win32 worm
Date: 27 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the June 2005 (3.94) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received a small number of
reports of this worm from the wild.


Information about W32/Icpass-A can be found at:
http://www.sophos.com/virusinfo/analyses/w32icpassa.html

W32/Icpass-A is a worm for the Windows platform.

W32/Icpass-A will create zip files using archiving applications installed on
the infected system. It will also connect to a predefined IRC server and
channel. As people join the IRC channel they will be sent the zip file created
and become infected.

W32/Icpass-A will copy itself to the Windows system folder as system.exe and
create the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
windows run
"<Windows folder>\system32\system.exe"

W32/Icpass-A will drop winn.dll to the Windows folder (detected as W32/Icpass-A)
and will create files under the following names in the Windows folder (detected
as W32/Icpass-A):

gledanje_tv_preko_interneta(vsi_slo_programi).zip
proti_virusni_program(program_v_slovenscini).zip
izdelovanje_animacijskih_slik(slovenska_verzija).zip
vse_slike_glasuj_zame.zip
zelo_dober_program_za_tejkanje_irc_kanalov.zip
novi_klepet_program(veliko_deklet_in_fantov(2000uporabnikov)).zip

This IDE file also includes detection for:

Troj/Bancban-CI
http://www.sophos.com/virusinfo/analyses/trojbancbanci.html
Troj/Dloader-MU
http://www.sophos.com/virusinfo/analyses/trojdloadermu.html
W32/Rbot-ABH
http://www.sophos.com/virusinfo/analyses/w32rbotabh.html
Troj/Small-EG
http://www.sophos.com/virusinfo/analyses/trojsmalleg.html
Troj/Dumaru-BG
http://www.sophos.com/virusinfo/analyses/trojdumarubg.html
W32/Sdbot-XO
http://www.sophos.com/virusinfo/analyses/w32sdbotxo.html

Download the IDE file from:
http://www.sophos.com/downloads/ide/icpass-a.ide

Download all the IDE files available for the current version of 
Sophos Anti-Virus in a single compressed file. The file is
available in two formats:

Zip file:
http://www.sophos.com/downloads/ide/ides.zip

Self-extracting file:
http://www.sophos.com/downloads/ide/ides.exe

Read about how to use IDE files at
http://www.sophos.com/downloads/ide/using.html

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
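
The host indicators listed in the alert above (the "windows run" Run value, system.exe in the system folder, winn.dll and the six zip names) can be checked against collected triage data. The following is an added example, not part of the original post or of Sophos's tooling; the function names, the `reg query` text format as input, and the default `C:\WINDOWS` folder are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Indicators copied from the advisory text.
RUN_VALUE_NAME = "windows run"
RUN_DATA_SUFFIX = r"\system32\system.exe"
WINDOWS_FOLDER_FILES = {
    "winn.dll",
    "gledanje_tv_preko_interneta(vsi_slo_programi).zip",
    "proti_virusni_program(program_v_slovenscini).zip",
    "izdelovanje_animacijskih_slik(slovenska_verzija).zip",
    "vse_slike_glasuj_zame.zip",
    "zelo_dober_program_za_tejkanje_irc_kanalov.zip",
    "novi_klepet_program(veliko_deklet_in_fantov(2000uporabnikov)).zip",
}
# reg query separates name, type and data with 4 spaces; names may hold single spaces.
REG_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

# Return (name, data) for Run values that match the advisory's registry entry.
def scan_run_key(reg_query_output):
    hits = []
    for line in reg_query_output.splitlines():
        m = REG_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m["name"].strip(), m["data"].strip().strip('"')
        if name.lower() == RUN_VALUE_NAME or data.lower().endswith(RUN_DATA_SUFFIX):
            hits.append((name, data))
    return hits

# Return paths matching the dropped-file names, only in the folders the advisory names.
def scan_files(paths, windows_folder=r"C:\WINDOWS"):
    root = PureWindowsPath(windows_folder)  # comparisons are case-insensitive
    hits = []
    for p in map(PureWindowsPath, paths):
        in_windows = p.parent == root and p.name.lower() in WINDOWS_FOLDER_FILES
        is_copy = p.parent == root / "system32" and p.name.lower() == "system.exe"
        if in_windows or is_copy:
            hits.append(str(p))
    return hits

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r'''HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    windows run    REG_SZ    "C:\WINDOWS\system32\system.exe"
'''
SAMPLE_FILES = [r"C:\WINDOWS\notepad.exe", r"C:\WINDOWS\winn.dll",
                r"C:\Documents and Settings\user\winn.dll",
                r"C:\WINDOWS\system32\system.exe"]
```

A name match alone is a lead for triage, not a verdict; confirm flagged files with an up-to-date scanner.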


