Lumension® Endpoint Intelligence Center

W32/Viking.GT


Threat Risk: LOW
Destructivity: MEDIUM
Payload: Terminates security processes, installs backdoor, downloads additional components.
Detection files published: 01 Mar 2007 03:00:00
Description created: 05 Mar 2007 12:54:00
Description updated: 05 Mar 2007 12:54:00
Malware type: WORM
Alias: HLLP.Philis.ha
Spreading mechanism: FILE_INFECTION
Summary: None



The worm enumerates local and remote mapped drives and infects the executables it finds. It also copies itself to remote shares as standalone files. File infection is done by prepending the virus code to the original program, so infected files grow by 68303 bytes.
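The prepending behaviour described above gives defenders a concrete check, shown here as an added example that is not part of the original description: a file that grew by exactly 68303 bytes and whose remaining bytes hash to the pre-infection baseline. The baseline inventory (path mapped to size and SHA-256), the function names and the sample paths are assumptions made for illustration.

```python
import hashlib

VIRUS_LEN = 68303  # growth of an infected file, as stated in the description


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify(current: bytes, base_size: int, base_sha256: str) -> str:
    """Compare one executable's current bytes with its baseline record."""
    if len(current) == base_size and sha256(current) == base_sha256:
        return "unchanged"
    if len(current) - base_size == VIRUS_LEN:
        # Prepender: the original program should follow the added code intact.
        if sha256(current[VIRUS_LEN:]) == base_sha256:
            return "prepended"
        return "size-match"  # grew by the same amount, but the tail differs
    return "modified"


def triage(baseline: dict, scan: dict) -> dict:
    """baseline: path -> (size, sha256); scan: path -> current file bytes."""
    report = {}
    for path, data in scan.items():
        if path not in baseline:
            report[path] = "new-file"  # not in inventory; review separately
        else:
            size, digest = baseline[path]
            report[path] = classify(data, size, digest)
    return report


# Constructed sample data: inert byte strings, not real executables or malware.
CLEAN = b"MZ" + b"\x90" * 500
FILLER = b"\x00" * VIRUS_LEN
BASELINE = {p: (len(CLEAN), sha256(CLEAN)) for p in
            ("C:/apps/tool.exe", "C:/apps/calc.exe", "C:/apps/patched.exe")}
SCAN = {"C:/apps/tool.exe": FILLER + CLEAN,       # grew by 68303, tail intact
        "C:/apps/calc.exe": CLEAN,                # untouched
        "C:/apps/patched.exe": CLEAN + b"v2",     # changed for another reason
        "Z:/share/setup.exe": b"\x01" * 100}      # file absent from baseline

if __name__ == "__main__":
    for path, verdict in triage(BASELINE, SCAN).items():
        print(f"{verdict:10} {path}")
```

A `prepended` verdict confirms that the original program's bytes are still intact after the first 68303 bytes, which is useful when deciding between disinfection and restoring from a trusted backup.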

Payload Details

The worm installs a backdoor component and also tries to download more files from a Chinese site. This site was down at the time of writing, but it has been determined that the downloaded files numbered up to 11 different password-stealing trojans related to various online games such as World of Warcraft and Lineage. Theft of game accounts is big business and involves the theft and resale of virtual items and virtual money for real money.
Several security processes are terminated by the worm.





Last Updated: 12 Nov 2015 11:06:14