Threat Database Worms Invitation


By Sumo3000 in Worms

Invitation is a counterfeit email that arrives on a system with a worm attached to it. Invitation masquerades as an invite to the social networking site The Invitation reads as follows:

Subject: Your friend invited you to twitter!"

Once this email attachment is opening, the worm will be launched and begin copying itself to every removable drive and shared folder on the computer, in order to spread to other machines. This worm may also download a Trojan onto the compromised computer, typically a Trojan Vundo.

File System Details

Invitation creates the following file(s):
# File Name Detections
1. %System%\[RANDOM FILE NAME].dll N/A
2. %System%\javame1.1.exe N/A
3. %System%\javale.exe N/A
4. %System%\javawx.exe N/A
5. Invitation N/A

Registry Details

Invitation creates the following registry entry or registry entries:
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\"(Default)" = "%System%\[RANDOM FILE NAME].dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"ultrasparc 2.3" = "[RANDOM DAY]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"javastatio n2.3" = "[RANDOM MONTH]"
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32 \"ThreadingModel" = "Both"


Most Viewed