WORM_RANSOM.FD

By ZulaZuza in Worms

WORM_RANSOM.FD is typically downloaded from specific remote web pages by other malware, or it may be downloaded by an inexperienced user when visiting an untrusted domain. Once installed on a computer, WORM_RANSOM.FD may modify registry entries and operating system files so that it runs as soon as Windows starts up. The main purpose of WORM_RANSOM.FD is to send an email, with a copy of itself attached, to every email address discovered on the infected machine. The email reads as follows:

"SUBJECT:
You are a very lucky man, read this mail!

BODY:
Hi, you won a big amount of money!!! If you want to know more look at the attachment!

ATTACHMENT:
BigCashForYou.exe"

This is how WORM_RANSOM.FD spreads from system to system. Opening this email or its attachment could lead to a computer becoming infected.

File System Details

WORM_RANSOM.FD may create the following file(s):
#   File Name
1.  BigCashForYou.exe
2.  %System%\recovery.exe
3.  %System%\kkk.exe

Registry Details

WORM_RANSOM.FD may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Identities\{0C0763B6-7496-4D73-AF61-F747E5CEBA0A}\Software\Microsoft\Outlook Express\5.0\Mail
    Warn on Mapi Send = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Recovery Console = "%System%\recovery.exe"
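
The registry details above can be checked offline against a registry export during triage. The following Python sketch is an added example, not part of the original write-up: it parses `reg export` style text (assumed already decoded to a string) and flags the autorun value and the disabled Outlook Express MAPI send warning. It assumes `%System%` stands for the Windows system folder, so it matches on the file name, and that the Identities GUID differs per profile; the function names and the sample export are constructed for illustration.

```python
import re

# Indicators from the registry details above. The Identities GUID is matched
# as a wildcard because it is assumed to vary per Outlook Express profile.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "windows recovery console"
OE_KEY_RE = re.compile(
    r"^HKEY_CURRENT_USER\\Identities\\\{[0-9A-F-]{36}\}"
    r"\\Software\\Microsoft\\Outlook Express\\5\.0\\Mail$", re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data) from `reg export` style text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(2)

def unquote(data):
    """Return the plain value of a quoted .reg string (escapes removed)."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data

def find_indicators(text):
    """Return (label, key, data) tuples for entries matching the write-up."""
    hits = []
    for key, name, raw in parse_reg(text):
        data, name = unquote(raw), name.lower()
        if (key.lower() == RUN_KEY.lower() and name == RUN_VALUE
                and data.lower().endswith("\\recovery.exe")):
            hits.append(("autorun", key, data))
        elif (OE_KEY_RE.match(key) and name == "warn on mapi send"
                and data in ("0", "dword:00000000")):  # string or DWORD zero
            hits.append(("mapi-warning-disabled", key, data))
    return hits

# Constructed sample export (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Recovery Console"="C:\\WINDOWS\\system32\\recovery.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_CURRENT_USER\Identities\{11111111-2222-3333-4444-555555555555}\Software\Microsoft\Outlook Express\5.0\Mail]
"Warn on Mapi Send"=dword:00000000
'''
```

Calling `find_indicators(SAMPLE)` returns one hit per matching entry; the benign `ExampleUpdater` autorun value is ignored.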
