It drops copies of itself into network drives. It drops copies of itself into all the removable drives connected to an affected system. This action prevents most of the system functions to be used. It modifies registry entries to disable various system services. It blocks access to websites that contain certain strings, which are mostly related to antivirus programs. It generates a set of URLs containing 250 random sites per day based on the UTC time standard. It also propagates over the Internet by attempting to send the exploit code to random Internet addresses. It propagates by dropping copies of itself in physical and removable drives. To get a one-glance comprehensive view of the behavior of this Worm, refer to the Threat Diagram shown below. This worm exploits a vulnerability in Server service that, when exploited, allows a remote user to execute arbitrary code on the infected system in order to propagate across networks. Infection Channel: Copies itself in all available physical drives, Propagates via removable drives, Propagates via software vulnerabilities, Propagates via network shares
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |