Storm Worm still a problem
Posted by raxso on May 11
According to F-Secure, the Storm Worm is still a threat. The Zhelatin.CQ worm started to spread very late on April 8th, 2007. The worm spreads by e-mail, under war-related subject lines, as an attachment named “video.exe”, “movie.exe”, “click me.exe” and so on. The worm creates its own peer-to-peer network.
After a user starts the worm’s file, it drops a randomly named file into the folder it was started from and runs it. This file installs a rootkit and P2P (peer-to-peer) component into the Windows System folder. The file name is wincom32.sys. The following startup key is created in the Registry for the dropped file:
- [HKLM\System\ControlSet001\Services\wincom32]
@ = “%WinSysDir%\wincom32.sys”
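
A check for these two indicators over an exported copy of the SYSTEM hive, as an added example that is not from the original post or from F-Secure. It assumes text in `.reg` export format, goes beyond the post by looking in every control set and by flagging `wincom32.sys` registered under any service name, and uses a constructed sample in which `netsvc9` is a hypothetical service name.

```python
import re
# Indicators from the post; the .reg layout handling and sample data are assumptions.
SERVICE_NAME, DRIVER_FILE = "wincom32", "wincom32.sys"
KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\SYSTEM\\(?:ControlSet\d{3}|CurrentControlSet)"
                    r"\\Services\\([^\\\]]+))\]$", re.I)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_value(raw):
    """Decode a .reg value: quoted REG_SZ, or hex(2)/hex(7) UTF-16LE bytes."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # undo \\ and \" escapes
    m = re.match(r"hex\([27]\):(.*)", raw)             # no match (dword etc.) -> ""
    data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1) if m else ""))
    return data.decode("utf-16-le", errors="replace").replace("\x00", " ").strip()

def scan_reg_export(text):
    """Return (key, value_name, data) hits for the wincom32 service or driver."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)          # join wrapped hex lines
    hits, key = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if m.group(2).lower() == SERVICE_NAME:
                hits.append((key, None, "service key present"))
        elif line.startswith("["):
            key = None                                 # not a ...\Services\<name> key
        elif key and (v := VALUE_RE.match(line)):
            data = decode_value(v.group(2))
            if data.lower().replace("/", "\\").rsplit("\\", 1)[-1] == DRIVER_FILE:
                hits.append((key, v.group(1).strip('"'), data))
    return hits

def _hex2(path):
    """Build a REG_EXPAND_SZ value body, wrapped across lines like an export."""
    b = [f"{x:02x}" for x in (path + "\0").encode("utf-16-le")]
    return "hex(2):" + ",\\\n  ".join(",".join(b[i:i + 8]) for i in range(0, len(b), 8))

# Constructed sample export (not from a real host); "netsvc9" is a hypothetical name.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wincom32]",
    r'@="C:\\WINDOWS\\system32\\wincom32.sys"', "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsvc9]",
    '"ImagePath"=' + _hex2(r"\??\C:\WINDOWS\system32\wincom32.sys"),
])

if __name__ == "__main__":
    print(*scan_reg_export(SAMPLE), sep="\n")
```

Registry exports are written as UTF-16, so decode the file before passing its text to `scan_reg_export`.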




