Invitation Card.zip Description

Invitation Card.zip is a counterfeit email that arrives on a system with a worm attached to it. Invitation Card.zip masquerades as an invite to the social networking site Twitter.com. The Invitation Card.zip reads as follows:

“From: invitations@twitter.com
Subject: Your friend invited you to twitter!”

Once this email attachment is opening, the worm will be launched and begin copying itself to every removable drive and shared folder on the computer, in order to spread to other machines. This worm may also download a Trojan onto the compromised computer, typically a Trojan Vundo.

Type: Worms

How Can You Detect Invitation Card.zip?

Invitation Card.zip has typically the following processes in memory:

• %System%\[RANDOM FILE NAME].dll
• %System%\javame1.1.exe
• %System%\javale.exe
• %System%\javawx.exe

Invitation Card.zip creates the following registry entries:

• HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\”(Default)” = “%System%\[RANDOM FILE NAME].dll
• HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\”ultrasparc 2.3″ = “[RANDOM DAY]”
• HKEY_CURRENT_USER\Software\Microsoft\Installer
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\”javastatio n2.3″ = “[RANDOM MONTH]”
• HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32 \”ThreadingModel” = “Both”

Important Article Disclaimer