Jump to content
Posted 28 August 2008 - 04:02 PM
Posted 28 August 2008 - 08:08 PM
This worm propagates via the instant messaging application Yahoo! Messenger. It sends an instant message to all contacts of the affected user. The said instant message contains a link that when accessed, downloads a copy of itself.
Its dropped copy uses the file name YAHOO.EXE to avoid easy detection.
It disables the Windows Task Manager and Registry Editor by modifying related registry entries. The said action adds complexity to this worm's detection and removal from an affected system.
It also modifies the Internet Explorer home page to point to a malicious URL, which may contain malicious files that may automatically be downloaded on the affected system. It also modifies certain Yahoo! Messenger settings that are related to content. The said action allows this worm to download possibly malicious files from the malicious URL.
It changes the title bar of Internet Explorer. It does the said routine to reflect the malicious URL.
Posted 28 August 2008 - 08:30 PM
"In a world where you can be anything, be yourself." ~ unknown
"Fall in love with someone who deserves your heart. Not someone who plays with it. – Will Smith
Posted 28 August 2008 - 08:48 PM
Posted 28 August 2008 - 09:17 PM
Edited by boopme, 28 August 2008 - 09:18 PM.
Posted 28 August 2008 - 09:31 PM
Posted 28 August 2008 - 09:32 PM
Posted 28 August 2008 - 09:47 PM
0 members, 0 guests, 0 anonymous users