Ian
Stole All the Forum Stars
Good things come to those who wait ...
Posts: 2913
|
Opaserv.Y spreads directly through the Internet by looking for computers to infect. In order to do this, it checks if port 137 is open and unprotected. If it is, Opaserv.Y gets into the computer through port 139 and copies itself in the C:\Windows directory under the name Speedy.scr.
At the same time, it generates several entries in the Windows Registry in order to ensure that it is run whenever the computer is started up. If the infected computer is connected to a network, Opaserv.Y will exploit the Windows vulnerability known as Share Level Password - based on an inconsistency in the protection of network shares in the operating systems Windows Me/98/95- in order to spread to the rest of the computers in the network.
Up until now, PandaLabs has detected two versions of Opaserv.Y. The difference between the two is the compression utility they are packed with. Another characteristic of this malicious code is that if the user runs the file carrying the worm from an MS-DOS window, instead of displaying the following message: "This program requires MS Windows", one of the following three will be displayed:
- Telefonica ganhe menos e faca mais!!
- Queremos melhores servicos da SPEEDY
- Melhorem o servico Speed seus FDPS!!
Best upgrade stuff now...
|
Mischel Internet Security Forum
Reply
Notify of replies
Send Topic
Print
Author
Quote
Modify
IP Logged
Search
Members
Login
Register