MSN Messenger Users Warned of Internet Virus - Rodok Worm

Discussion in 'malware problems & news' started by javacool, Oct 10, 2002.

Thread Status:
Not open for further replies.
  1. javacool

    javacool BrightFort Moderator

    Feb 10, 2002
    (Quoted from
    BitDefender has posted information regarding this worm:

  2. Technodrome

    Technodrome Security Expert

    Feb 13, 2002
    New York
    It also known as Fleming!

    The Internet worm "Fleming" has been detected stealing registration information from computer games.

    Kaspersky Labs, an international data-security software developer, announces the detection of a multi-component malicious program spreading itself via the popular Windows (.NET) Messenger program. The harmful code contains a "trojan" that hijacks registration information from the computer games Counter-Strike and Half-Life. Fleming also tries to download and launch other mal-intended programs from the Internet. At this time multiple infections have been registered.

    The Fleming Internet worm is a 32-bit Windows application (.exe file) with a size of 53,248 bytes and written in Visual Basic. The worm spreads via the Windows (.NET) Messenger Internet chat program that is built into Windows XP. The worm circulates a message written in English that proposes recipients download a program supposedly developed by the message's author.

    The message appears as follows:
    The Internet address appearing in the message ( contains a copy of the worm.

    Fleming does not install itself into the system and is triggered into action only if users launch its code (for example, double-clicking on the program icon in Windows Explorer). When launched, Fleming attempts to download two files from the Internet site "". The names and save locations of these two files are:


    Next the worm connects with Windows (.NET) Messenger and waits for incoming messages. When it receives certain messages from the user "", Fleming sends out a reply containing registration information (CD-Keys) from Counter-Strike and Half-Life.
    Fleming also finds the Windows (.NET) Messenger contact list and sends its message to each entry.

    According to Kaspersky Labs, at this time, the Internet resource "" is locked.


Thread Status:
Not open for further replies.