Worm.P2P.Tanked
Installation
During installation the worm copies itself under different names (details below) to the Windows system folder and creates two auto-run keys in the system registry.
The worm's copies have the following names:
- Tanked.11: system32.exe
- Tanked.13: winsys.exe
- Tanked.14: cmd32.exe
The registry keys created by the worm look as follows:
Tanked.11:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  SystemSAS = system32.exe
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
  SystemSAS = system32.exe
Tanked.13:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  WinSys = winsys.exe
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
  WinSys = winsys.exe
Tanked.14:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CMD = cmd32.exe
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
  CMD = cmd32.exe
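An added example (not part of the original description): a Python check that scans the text of a registry export for the auto-run values listed above. The function names and the sample export are constructed for illustration, and the export is assumed to be already decoded to text.

```python
import re

# Auto-run values from the description above: variant -> (value name, file name).
TANKED_AUTORUN = {
    "Tanked.11": ("SystemSAS", "system32.exe"),
    "Tanked.13": ("WinSys", "winsys.exe"),
    "Tanked.14": ("CMD", "cmd32.exe"),
}
RUN_KEYS = tuple("hkey_local_machine\\software\\microsoft\\windows\\currentversion\\" + k
                 for k in ("run", "runservices"))
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')

def parse_reg_export(text):
    """Yield (key, value name, data) for each string value in .reg export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.fullmatch(line)):
            # .reg files escape backslashes and quotes inside strings
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def find_tanked(text):
    """Return sorted (variant, key) pairs where value name and file name both match."""
    hits = set()
    for key, name, data in parse_reg_export(text):
        if key.lower() not in RUN_KEYS:  # registry key paths are case-insensitive
            continue
        # Compare only the file name, so a full path to the copy still matches.
        exe = data.strip('"').rsplit("\\", 1)[-1].lower()
        for variant, (vname, vfile) in TANKED_AUTORUN.items():
            if name.lower() == vname.lower() and exe == vfile:
                hits.add((variant, key))
    return sorted(hits)

# Constructed sample export (not taken from a real system).
SAMPLE = r'''[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSys"="winsys.exe"
"CMD"="C:\\Tools\\console.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WinSys"="C:\\WINDOWS\\SYSTEM\\winsys.exe"
[HKEY_CURRENT_USER\Software\Example]
"SystemSAS"="system32.exe"
'''

for variant, key in find_tanked(SAMPLE):
    print(f"{variant}: auto-run entry under {key}")
```

A hit requires both the value name and the file name to match, so an unrelated program registered under the value name CMD is not flagged.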
Spreading
The worm copies itself under the following names to the shared folder of the KaZaA system:
Additional information
The following signatures can be found in the worm's code:
Tanked.11:
T~Drone.11
t69 [sd]v0.5b TankEd.11
[sd]v0.5b TankEd.11 by [sd]
Tanked.13:
T~Drone.13
t69 [sd]v0.5b TankEd.13
[sd]v0.5b TankEd.13 by [sd]
Tanked.14:
T~Drone.14
t69 [sd]v0.5b TankEd.14
[sd]v0.5b TankEd.14 by [sd]