Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: NONE
Payload:
Detection files published:
Description created: 16 Jan 2005 03:40:00
Description updated: 16 Jan 2005 03:40:00
Malware type: WORM
Alias: P2P-Worm.Win32.Tibick.d, W32/Tibick!p2p, W32.Tibick
Spreading mechanism: OTHER
Summary: None

W32/Tibick.C

Spreading

W32/Tibick.C starts by copying itself to %SYSTEM%\svcnet.exe. The worm then creates the following registry values to ensure it is started with Windows:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Shellapi32 = svcnet.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Shellapi32 = svcnet.exe

Next, Tibick.C creates a new directory in the %SYSTEM% directory, called "msview". The worm then copies itself to this folder using a number of filenames:

    Ad-aware.exe
    Ad-aware Professional.exe
    Spybot - Search & Destroy.exe
    ICQ 4.exe
    WinZip.exe
    WinZip 9.x Crack.exe
    WinZip All KeyGen.exe
    iMesh.exe
    LimeWire.exe
    ICQ Pro 2003b.exe
    DivX Player (with DivX Codec).exe
    DivX Player Crack.exe
    Morpheus.exe
    RealPlayer.exe
    RealPlayer Crack.exe
    Download Accelerator Plus.exe
    WinRAR.exe
    WinRAR 3.x Crack.exe
    WinRAR All KeyGen.exe
    Webroot Spy Sweeper.exe
    Webroot Spy Sweeper Crack.exe
    Avant Browser.exe
    WinMX.exe
    Warez P2P.exe
    Trillian.exe
    Adobe Acrobat Reader.exe
    HijackThis.exe
    Nero 6 Ultra Edition.exe
    Nero 6 Ultra Edition Crack.exe
    Nero 6 Ultra Edition KeyGen.exe
    eMule.exe
    Spyware Doctor.exe
    Spyware Doctor Crack.exe
    Ares Galaxy.exe
    Kazaa Download Accelerator Pro.exe
    NetPumper.exe
    NetPumper Crack.exe
    SpyHunter.exe
    SpyHunter Crack.exe
    ZoneAlarm.exe
    All-in-One Secretmaker.exe
    MSN Toolbar.exe
    dBpowerAmp Music Converter.exe
    MyIE2.exe
    VirtualLab Data Recovery.exe
    Registry Mechanic.exe
    Registry Mechanic Crack.exe
    Shockwave Player.exe
    Mozilla Firefox.exe
    QuickTime.exe
    JetAudio Basic.exe
    MSN Messenger (Windows XP).exe
    Yahoo Messenger.exe
    AOL Instant Messenger (AIM).exe
    LimeWire (International).exe
    Microsoft Windows Media Player.exe
    BitComet.exe
    SpywareBlaster.exe
    Grokster.exe
    RoboForm.exe
    Ares Lite.exe
    Winamp Full.exe
    ZeroSpyware Lite.exe
    SolSuite 2004 - Solitaire Card Games Suite.exe
    SolSuite 2004 - Solitaire Card Games Suite Crack.exe
    Snood.exe

Finally, Tibick.C attempts to locate a number of different P2P programs, including:

    DC++
    eMule
    Morpheus
    iMesh

If it locates any of the above programs, Tibick.C modifies their default share directories to point to the newly created %SYSTEM%\msview.
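
A host check for the artifacts described above, as an added example (not part of the original description and not vendor tooling). It assumes %SYSTEM% is the Windows system directory; the variable names and the SysWOW64 check are this example's own choices.

```powershell
# Added example: look for the W32/Tibick.C artifacts named in the description.
# Assumption: %SYSTEM% means the Windows system directory. SysWOW64 is checked
# too, because a 32-bit process on 64-bit Windows is redirected there.
$systemDirs = @(
    [Environment]::SystemDirectory,
    (Join-Path $env:windir 'SysWOW64')
) | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

$findings = @()

# 1. Autostart values: Run\Shellapi32 under HKLM and HKCU.
#    HKCU covers only the user running this script.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $runKey = "$hive\Software\Microsoft\Windows\CurrentVersion\Run"
    $entry  = Get-ItemProperty -Path $runKey -Name 'Shellapi32' -ErrorAction SilentlyContinue
    if ($entry) {
        $findings += [pscustomobject]@{
            Type = 'RunValue'; Location = "$runKey\Shellapi32"; Detail = $entry.Shellapi32
        }
    }
}

foreach ($dir in $systemDirs) {
    # 2. The worm's own copy, svcnet.exe. The hash is recorded for triage only;
    #    the description gives no reference hash to compare against.
    $copy = Join-Path $dir 'svcnet.exe'
    if (Test-Path -LiteralPath $copy -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'WormCopy'; Location = $copy; Detail = $hash }
    }

    # 3. The "msview" folder of renamed copies. Copies of one binary share one
    #    size, so many .exe files with a single distinct size fit the pattern.
    $bait = Join-Path $dir 'msview'
    if (Test-Path -LiteralPath $bait -PathType Container) {
        $exes  = @(Get-ChildItem -LiteralPath $bait -Filter '*.exe' -File -ErrorAction SilentlyContinue)
        $sizes = @($exes | Group-Object -Property Length)
        $findings += [pscustomobject]@{
            Type = 'BaitFolder'; Location = $bait
            Detail = "$($exes.Count) .exe file(s), $($sizes.Count) distinct size(s)"
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No W32/Tibick.C artifacts from the description were found.' }
```

The script does not inspect the share-directory settings of DC++, eMule, Morpheus or iMesh, since the description does not say where those settings are stored.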

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:12