| Name | Win32.Feebs.is |
| Threat Level |  |
| Alias | Win32.Feebs.is, WORM_FEEBS.IS |
| Date | 30 April, 2006 |
| Type | Win32, Trojan, Worm |
| Damage | Create files, Send Email |
| Platform | Win 95, Win 98, Win ME, Win NT, Win 2K, Win XP |
| Analysis |
Win32.Feebs.is is a mass-mailing worm that can also spread via peer-to-peer networks.
The arriving email will have the following characteristics:

Sender: The sender of the message will be randomly generated by the worm. It will appear as follows: ID followed by random numbers with one of the following domains:
- @aol.com
- @gmail.com
- @hotmail.com
- @yahoo.com

Subject: The subject of this mail will be one of the following:
- Encrypted Message from AOL.com user
- Secure Email Message
- Secure Email Service
- Secure Mail
- Secure Message

Message body: The body of this mail will be:
User ID: [Random number]
Password: [Random string of characters]
Message is attached
Sincerely, [Random signature information]

Attached File: One of the following:
- Data.zip
- Mail.zip
- Message.zip
- Msg.zip
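A mail-filter check built from the message characteristics listed above, added here as an example and not taken from the vendor's product. It assumes the sender's local part is the literal text ID followed by digits; the function names, the two-indicator threshold and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators taken from the description above.
DOMAINS = {"aol.com", "gmail.com", "hotmail.com", "yahoo.com"}
SUBJECTS = {"encrypted message from aol.com user", "secure email message",
            "secure email service", "secure mail", "secure message"}
ATTACHMENTS = {"data.zip", "mail.zip", "message.zip", "msg.zip"}
# Assumption: "ID followed by random numbers" means a local part like ID48213.
SENDER_RE = re.compile(r"id\d+", re.IGNORECASE)
BODY_RE = re.compile(r"User ID:.*Password:.*Message is attached", re.S | re.I)

def feebs_indicators(raw):
    """Return the set of described characteristics present in one raw message."""
    msg = message_from_string(raw)
    hits = set()
    local, _, domain = parseaddr(msg.get("From", ""))[1].rpartition("@")
    if domain.lower() in DOMAINS and SENDER_RE.fullmatch(local):
        hits.add("sender")
    if " ".join(msg.get("Subject", "").split()).lower() in SUBJECTS:
        hits.add("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name in ATTACHMENTS:
            hits.add("attachment")
        elif not name and part.get_content_type() == "text/plain":
            if BODY_RE.search(part.get_payload()):
                hits.add("body")
    return hits

def is_suspect(raw, threshold=2):
    # One hit alone (a subject of "Secure Mail", say) is too common to act on.
    return len(feebs_indicators(raw)) >= threshold

# Constructed samples, not captured messages; the attachment payload is a stub.
SAMPLE = "\n".join([
    "From: ID48213@hotmail.com", "Subject: Secure Message",
    'Content-Type: multipart/mixed; boundary="b"', "",
    "--b", "Content-Type: text/plain", "",
    "User ID: 48213", "Password: qkzpwx", "Message is attached", "",
    "--b", 'Content-Type: application/zip; name="Msg.zip"',
    'Content-Disposition: attachment; filename="Msg.zip"', "", "AAAA",
    "--b--", ""])
BENIGN = "From: alice@gmail.com\nSubject: Secure Mail\n\nCert rotation is Friday.\n"

if __name__ == "__main__":
    print(sorted(feebs_indicators(SAMPLE)), is_suspect(SAMPLE))
    print(sorted(feebs_indicators(BENIGN)), is_suspect(BENIGN))
```

Requiring two or more indicators keeps ordinary mail that happens to share one trait, such as a generic subject line, out of the quarantine queue.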
Malicious activity

When the worm is executed, it does the following:
1. It drops copies of itself into the default Windows System folder. It then modifies the registry to execute a copy on every startup.
2. It will also drop copies of itself into folders that contain the strings 'download' or 'share' as part of their name.
3. Finally, the worm will harvest the system for email addresses and send copies of itself to all contacts found (although some addresses may be avoided by the worm).
eSafe Users

eSafe users are protected against this vandal using the latest vandal/virus update.
A new vandal/virus update is available.
Update date: April 30, 2006
Update version: SV150

eSafe Gateway and eSafe Mail Users

Your product will be automatically updated. You can also use the "Update now" option from within the product eConsole.
|