
 

Virus Name: W32.Eyeveg.G@mm

Aliases: W32.Lanieca.B@mm, W32/Bugbear-B, Win32.HLLW.Eyeveg.3, Win32/Eyeveg.K, W32/Eyeveg.J, W32/Eyeveg.worm.k, Worm/Eyeveg.g, Worm.Win32.Eyeveg.g, Worm/Eyeveg.H, WORM_WURMARK.J, Win32.Wurmark.K@mm

 

Eyeveg copies itself to an .exe file in the Windows System folder with a name based on the computer's volume serial number.  Eyeveg then edits the registry to run on start-up and to register as a browser helper object.  It also creates a zipped copy of itself with a double extension: the file name is one of music.mp3, screen saver, song.wav, video.avi, girls.jpg, image.jpg, love.jpg, pic.jpg, photo.jpg, details.doc, news.doc, resume.doc, message.txt, or readme.txt, followed by .zip.  Inside the .zip is a file with the same name as the .zip but with .scr as the extension.

Eyeveg then copies a file to a randomly named .exe in the Windows System folder, and to a randomly named .dll file also in the Windows System folder.  This .dll file logs any captured keystrokes.  The worm is written in C++.

Eyeveg attempts to connect to a web site to download further commands, and uses its own SMTP engine to send a zipped copy of itself to e-mail addresses retrieved from the infected computer.  The subject line is the name of the attachment, that is, the zipped copy created earlier.
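The attachment pattern described above can be checked at a mail gateway or during triage. The following is an added example, not code from the original page: the function names are hypothetical, the sample archive is constructed, and it assumes the inner file is named as the decoy name plus .scr (for example music.mp3.scr inside music.mp3.zip).

```python
import io
import zipfile

# Decoy base names listed in the description above.
DECOY_NAMES = {
    "music.mp3", "screen saver", "song.wav", "video.avi", "girls.jpg",
    "image.jpg", "love.jpg", "pic.jpg", "photo.jpg", "details.doc",
    "news.doc", "resume.doc", "message.txt", "readme.txt",
}


def check_attachment(filename, data):
    """Return the reasons an attachment matches the described pattern."""
    reasons = []
    name = filename.strip().lower()
    if not name.endswith(".zip"):
        return reasons
    base = name[:-len(".zip")]
    if base in DECOY_NAMES:
        reasons.append("decoy name before .zip: " + base)
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = [m.lower() for m in archive.namelist()]
    except zipfile.BadZipFile:
        # Not a readable archive: report the name match only.
        return reasons
    for member in members:
        # Assumption: the inner file is "<decoy name>.scr".
        if member.endswith(".scr") and member[:-len(".scr")] == base:
            reasons.append("archive contains " + member)
    return reasons


def make_zip(member_name):
    """Build a constructed, harmless zip with a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"constructed sample, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_zip("music.mp3.scr")
    for reason in check_attachment("music.mp3.zip", sample):
        print(reason)
```

Either reason on its own is worth a look; both together match the description closely. Because the subject line equals the attachment name, the same decoy list can also be compared against message subjects.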

 

 

Copyright (c) 2005, 2008  A. Ryan Robbins.  All Rights Reserved.

 

 
