Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: LOW
Payload:
Detection files published: 15 Jun 2005 03:00:00
Description created: 30 Oct 2007 07:25:00
Description updated: 30 Oct 2007 07:25:00
Malware type: TROJAN
Alias: W32/Virtumonde
Spreading mechanism: EMAIL, NETWORK
Summary: None

W32/Vundo

Spreading

File sizes of the various dropped files vary.

Changes to filesystem:
Creates file %execution path%\install.exe
Creates file %execution path%\patch.exe
Creates file %execution path%\keygen.exe
Creates file %execution path%\crack.exe
Creates file %root%\Documents and settings\%username%\Local settings\Temp\exe%random number%.exe
Attempts to open file %execution path%\crack.exe
Attempts to open file %root%\Documents and settings\%username%\Local settings\Temp\exe%random number%.exe

Possible backdoor functionality:
Opens and listens on port 1029 (UDP)
Opens and listens on port 1030 (UDP)

Network:
Looks for an internet connection
Runs Internet Explorer with parameter -embedding from command line

Threads:
Injects a thread into Explorer.exe and Winlogon.exe

Payload Details

Possible backdoor functionality.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:12