MSNworm.EI Detected!

Name: W32/MSNworm.EI.worm
Threat Danger Level: Medium
Type: Worm
Effects: Its main objective is to spread via MSN Messenger and affect as many computers as possible. Additionally, it downloads the backdoor detected as IRCBot.BWB to the affected computer.
Plataforms: Windows 2003/XP/2000/NT/ME/98/95
Detected on: April 12, 2008

Technical Details:

The main objective of MSNworm.EI is to spread via MSN Messenger and affect as many computers as possible.

Additionally, it downloads the backdoor detected as IRCBot.BWB to the affected computer.

The variants belonging to the IRCBot family are designed to connect to several IRC servers and receive remote control commands, such as download files, update themselves and send information about the computer, among others.

MSNworm.EI spreads via the instant messaging program MSN Messenger. In order to do so, it follows the routine below:

The user receives an instant message which contains a file.
When the file is run, the following image is displayed:

Additionally, it downloads a copy of the worm to the affected computer.
MSNworm.EI sends this message to all the contacts that are active at that moment.

MSNworm.EI creates the file REP38_D.EXE, in the subfolder Local Settings\Temp of the Documents and Settings directory of the user that has logged in.

This file belongs to the backdoor detected as IRCBot.BWB.

MSNworm.EI is 103,380 bytes in size and it is compressed with Nullsoft Installer.

If you have ay questions about other virus or any malware, please contact us @ Dietrevers@gmail.com

Advertisements

2 Responses to “MSNworm.EI Detected!”

  1. easyadsworld Says:

    Thank you for the great Information Blog!
    pl ad your blog at http://www.easyadsworld.com your blog will be appreciated!

  2. Yeah! Thanx so much =)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: