Short description
Win32/Peerfrag.FM is a worm that spreads via P2P networks. The worm contains a backdoor. It can be controlled remotely.
Installation
When executed, the worm creates the following folder:
- %systemdrive%\RECYCLER\S-1-5-21-%variable%\
The following files are dropped in the same folder:
- wnzip32.exe (188416 B)
- Desktop.ini
- explorer.exe
The following Registry entries are set:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Taskman" = "%systemdrive%\S-1-5-21-%variable%\wnzip32.exe"
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = "explorer.exe,%systemdrive%\S-1-5-21-%variable%\wnzip32.exe"
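
A check for the two Winlogon values listed above, as an added example that is not part of the original description. The function names and sample data are hypothetical, and it assumes a clean system has "Shell" set to exactly explorer.exe with no "Taskman" value.

```python
import re

# Assumption: clean Winlogon "Shell" data is exactly explorer.exe and "Taskman" is
# absent. A full path to explorer.exe would be reported and needs manual review.
EXPECTED_SHELL = {"explorer.exe"}
# A SID-named folder component (S-1-5-21-...) in an autostart path, as in the values above.
SID_DIR = re.compile(r"(^|\\)S-1-5-21-[^\\]*\\", re.IGNORECASE)


def split_shell(data):
    """Split Shell data into its comma-separated commands, lower-cased and unquoted."""
    return [p.strip().strip('"').lower() for p in data.split(",") if p.strip()]


def audit_winlogon(values):
    """values maps (hive, value_name) -> data as read from the Winlogon key.

    Returns a list of (hive, value_name, reason) findings.
    """
    findings = []
    for (hive, name), data in sorted(values.items()):
        if name.lower() == "taskman" and data.strip():
            findings.append((hive, name, "Taskman is set: " + data))
        elif name.lower() == "shell":
            extra = [c for c in split_shell(data) if c not in EXPECTED_SHELL]
            if extra:
                findings.append((hive, name, "extra shell command: " + ", ".join(extra)))
        if SID_DIR.search(data):
            findings.append((hive, name, "path inside a SID-named folder"))
    return findings


# Constructed sample data: one clean machine and one carrying the values listed
# above (the drive letter and the SID suffix are made up).
CLEAN = {("HKLM", "Shell"): "explorer.exe"}
INFECTED = {
    ("HKLM", "Taskman"): r"C:\S-1-5-21-0000000000\wnzip32.exe",
    ("HKCU", "Shell"): r"explorer.exe,C:\S-1-5-21-0000000000\wnzip32.exe",
}

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, audit_winlogon(sample))
```
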
Spreading
The worm creates the following folders:
- %drive%\system32\
- autorun.exe (188416 B)
- Desktop.ini
- %drive%\autorun.inf
Spreading via P2P networks
Win32/Peerfrag.FM is a worm that spreads via P2P networks. The worm searches for shared folders of the following programs:
- Ares Galaxy
- BearShare
- DC++
- eMule
- eMule Plus
Spreading via IM networks
The worm sends links to MSN Messenger users. If the link is clicked, a copy of the worm is downloaded.
Other information
The worm is sent data and commands from a remote computer or the Internet. It can be controlled remotely. The worm connects to the following addresses:
- sub7.ahdjejgf.com (UDP:1221)
It can execute the following operations:
- perform DoS/DDoS attacks
- download files from a remote computer and/or Internet
- run executable files
- spread via shared folders and P2P networks
- spread via MSN network
- perform port scanning
The worm collects the following information:
- computer name
- user name
- network adapter information
- operating system version
- Mozilla Firefox account information
- Windows Protected Storage passwords and credentials
The worm may create and run a new thread with its own program code within any running process.
