WORM_PLEXUS.C

Discussion in 'malware problems & news' started by Randy_Bell, Jun 11, 2004.

Thread Status:
Not open for further replies.
  1. Randy_Bell (Registered Member; Joined: May 24, 2002; Posts: 3,004; Location: Santa Clara, CA)

    WORM_PLEXUS.C is a recently discovered worm that uses its own SMTP engine to send copies of itself via email. Emails appear with subject headers like: "Order" or "Good Offer". Messages appear to be from a familiar person.

    Examples of messages:
    "Look at my new screensaver. I hope you will enjoy"
    "In this archive you can find all those things, you asked me"

    The message comes with an .EXE attachment. Once executed, WORM_PLEXUS.C drops several copies of itself onto the infected system and creates Windows registry entries to automatically execute at each system startup.

    To propagate, WORM_PLEXUS.C looks for files with the following extension names to retrieve email addresses and domain names: HTM, HTML, PHP, TBB, TXT. This worm can also drop copies of itself in the Kazaa (peer-to-peer network) shared folder, and propagate through network shares with full access rights.

    This worm's code also contains the following text:
    "KAV I'm Expletus !!!, Made in China"

    This worm is currently in-the-wild and affects Windows 95, 98, ME, NT, 2000, and XP operating systems.

    If you would like to scan your computer for WORM_PLEXUS.C or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com

    WORM_PLEXUS.C is detected and cleaned by Trend Micro pattern file #902 and above.
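
The indicators listed in the post above (subjects, message text, .EXE attachment, embedded code string) applied as a mail-triage check. This is an added example, not part of the original post or of any Trend Micro tooling; the function names, the hold policy and the sample messages are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the post; "subject headers like" means the list is not exhaustive.
SUBJECTS = {"order", "good offer"}
BODY_PHRASES = (
    "look at my new screensaver. i hope you will enjoy",
    "in this archive you can find all those things, you asked me",
)
CODE_MARKER = b"KAV I'm Expletus !!!, Made in China"

def triage(raw):
    """Return which of the post's indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name:  # attachment: check the extension and scan the decoded bytes
            if name.endswith(".exe"):
                hits.append("exe-attachment")
            if CODE_MARKER in (part.get_payload(decode=True) or b""):
                hits.append("code-marker")
        elif part.get_content_type() == "text/plain":
            # Collapse whitespace so wrapped lines still match the quoted phrases.
            text = " ".join(part.get_content().lower().split())
            if any(p in text for p in BODY_PHRASES):
                hits.append("body-phrase")
    return hits

def should_hold(hits):
    """Assumed policy: hold on the code marker, or on an .EXE plus a lure match."""
    lure = "subject" in hits or "body-phrase" in hits
    return "code-marker" in hits or ("exe-attachment" in hits and lure)

def build_sample(subject, body, attachment=None):
    """Build a constructed test message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment[1], maintype="application",
                           subtype="octet-stream", filename=attachment[0])
    return msg.as_bytes()

if __name__ == "__main__":
    demo = build_sample("Order", "see attached", ("offer.exe", b"MZ" + CODE_MARKER))
    print(triage(demo), should_hold(triage(demo)))
```

An .EXE attachment on its own is reported but not held, since the post ties the worm to the combination of a lure and an executable rather than to executables in general.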