Threat Database Worms Invitation Card.zip

Invitation Card.zip

By Sumo3000 in Worms

Invitation Card.zip is a counterfeit email that arrives on a system with a worm attached to it. Invitation Card.zip masquerades as an invite to the social networking site Twitter.com. The Invitation Card.zip reads as follows:

"From: invitations@twitter.com
Subject: Your friend invited you to twitter!"

Once this email attachment is opening, the worm will be launched and begin copying itself to every removable drive and shared folder on the computer, in order to spread to other machines. This worm may also download a Trojan onto the compromised computer, typically a Trojan Vundo.

File System Details

Invitation Card.zip creates the following file(s):
# File Name Detections
1. %System%\[RANDOM FILE NAME].dll N/A
2. %System%\javame1.1.exe N/A
3. %System%\javale.exe N/A
4. %System%\javawx.exe N/A
5. Invitation Card.zip N/A

Registry Details

Invitation Card.zip creates the following registry entry or registry entries:
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\"(Default)" = "%System%\[RANDOM FILE NAME].dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"ultrasparc 2.3" = "[RANDOM DAY]"
HKEY_CURRENT_USER\Software\Microsoft\Installer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"javastatio n2.3" = "[RANDOM MONTH]"
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32 \"ThreadingModel" = "Both"

Trending

Most Viewed

Loading...