W32/Igloo-15

Discussion in 'malware problems & news' started by Technodrome, Feb 13, 2003.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    W32/Igloo-15 is a backdoor Trojan and internet worm which spreads via file sharing on KaZaA networks and via IRC channels.

    When first run W32/Igloo-15 copies itself to the Windows System folder as Explorer.exe and RealWayToHack.exe and creates the following registry entry so that Explorer.exe is run automatically each time Windows is started:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\EXPLORER
    = %System%\EXPLORER.EXE

    more: http://www.sophos.com/virusinfo/analyses/w32igloo15.html



    Technodrome
     
    Technodrome, Feb 13, 2003
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...