W32/Igloo-15

Discussion in 'malware problems & news' started by Technodrome, Feb 13, 2003.

Thread Status:
Not open for further replies.
  1. Technodrome

    W32/Igloo-15 is a backdoor Trojan and internet worm which spreads via file sharing on KaZaA networks and via IRC channels.

    When first run, W32/Igloo-15 copies itself to the Windows System folder as Explorer.exe and RealWayToHack.exe and creates the following registry entry so that Explorer.exe is run automatically each time Windows is started:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\EXPLORER
    = %System%\EXPLORER.EXE

    more: http://www.sophos.com/virusinfo/analyses/w32igloo15.html



    Technodrome
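
A defender's check for the persistence described in the post, as an added example that is not part of the original post or the linked analysis: it parses the text output of `reg query` on the Run key and flags values that launch one of the two dropped file names from the System folder. It assumes the legitimate Explorer.exe sits in the Windows folder rather than the System folder; the `SAMPLE` output, the function names and the `SYSTEM_DIRS` spellings are constructed for illustration.

```python
import ntpath
import re

# File names the post says the worm copies into the Windows System folder.
DROPPED_NAMES = {"explorer.exe", "realwaytohack.exe"}
# Assumption: usual System folder names (Win9x "system", NT-family "system32").
SYSTEM_DIRS = {"system", "system32"}

# `reg query` prints each value as: <indent>Name<4 spaces>REG_TYPE<4 spaces>Data
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample output, not captured from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    EXPLORER    REG_SZ    C:\WINDOWS\SYSTEM\EXPLORER.EXE
    Shell    REG_SZ    "C:\WINDOWS\explorer.exe" /n
"""

def parse_run_values(reg_query_output):
    """Return (name, data) pairs from `reg query <Run key>` text output."""
    matches = map(VALUE_LINE.match, reg_query_output.splitlines())
    return [(m["name"], m["data"].strip()) for m in matches if m]

def image_path(command):
    """Extract the executable path from a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)\b", command)
    return m.group(1) if m else command

def suspicious_run_entries(reg_query_output):
    """Flag Run values that start a dropped file name from the System folder."""
    hits = []
    for name, data in parse_run_values(reg_query_output):
        path = image_path(data)
        folder, exe = ntpath.split(path)
        # "%System%" (as written in the post) and real paths both reduce to a folder name.
        folder_name = ntpath.basename(folder).strip("%").lower()
        if exe.lower() in DROPPED_NAMES and folder_name in SYSTEM_DIRS:
            hits.append((name, path))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE):
        print(f"Run value {name!r} starts {path}")
```

A hit only means the Run value matches the pattern in the post; the file itself still needs to be scanned or hashed before it is treated as W32/Igloo-15.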
     