Invitation Card.zip
Invitation Card.zip is a counterfeit email that arrives on a system with a worm attached to it. Invitation Card.zip masquerades as an invite to the social networking site Twitter.com. The Invitation Card.zip reads as follows:
"From: invitations@twitter.com
Subject: Your friend invited you to twitter!"
Once this email attachment is opening, the worm will be launched and begin copying itself to every removable drive and shared folder on the computer, in order to spread to other machines. This worm may also download a Trojan onto the compromised computer, typically a Trojan Vundo.
File System Details
Invitation Card.zip may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %System%\[RANDOM FILE NAME].dll | |
| 2. | %System%\javame1.1.exe | |
| 3. | %System%\javale.exe | |
| 4. | %System%\javawx.exe | |
| 5. | Invitation Card.zip |
Registry Details
Invitation Card.zip may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\"(Default)" = "%System%\[RANDOM FILE NAME].dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"ultrasparc 2.3" = "[RANDOM DAY]"
HKEY_CURRENT_USER\Software\Microsoft\Installer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"javastatio n2.3" = "[RANDOM MONTH]"
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32 \"ThreadingModel" = "Both"
