W32/Winur-D

Discussion in 'malware problems & news' started by Technodrome, May 13, 2003.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Aliases
    W32.HLLW.Purol, W32/Winur.worm.d, WORM_PUROL.A, Worm.P2P.Purol.b

    At the time of writing Sophos has received no reports from users affected by this worm. However, we have issued this advisory following enquiries to our support department from customers.

    At the time of writing Sophos has received just one report of this worm from the wild.

    W32/Winur-D is a worm that exploits peer-to-peer networks such as BearShare, Morpheus, eDonkey2000, Gnucleus, KaZaA, KaZaA Lite and LimeWire and also the file sharing capabilites of the ICQ messaging system.

    When executed the worm copies itself to the Windows folder with the filenames lorupscr.scr, winstart32.exe and hwinfoq.com and sets the following registry entries:

    more: http://www.sophos.com



    Technodrome
     
Thread Status:
Not open for further replies.