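An Internet worm that spreads through the Kazaa and Morpheus peer-to-peer (file-sharing) networks. The worm replicates in the public (shared) directories of these networks.
The worm is a Windows application (PE EXE file) written in Visual Basic, about 29K in size.
Installation
The worm creates the following files in the Windows auto-run (Startup) directories: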
C:\WINNT\system32\config\systemprofile\StartMenu\Programs\Startup\system.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\system.exe
C:\WINDOWS\Start Menu\Programs\Startup\system.exe
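Propagation
The worm copies itself into the P2P network directories under the following file names (the misspelling in the Morpheus directory name is reproduced as is):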
C:\Program Files\KaZaA\My Shared Folder\free_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy- music-movie-sum-of-fears.exe
C:\Program Files\KaZaA\My Shared Folder\free_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy- music-movie-sum-of-fears_3.exe
C:\Program Files\KaZaA\My Shared Folder\free_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy- music-movie-sum-of-fears_.exe
C:\Program Files\KaZaA\My Shared Folder\free_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy- music-movie-sum-of-fears_4.exe
C:\Program Files\Morpeus\My SharedFolder\free_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy- music-movie-sum-of-fears.exe
C:\Program Files\Morpeus\My Shared Folder\free_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy- music-movie-sum-of-fears_2.exe
C:\Program Files\Morpeus\My Shared Folder\free_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy- music-movie-sum-of-fears_.exe
C:\Program Files\Morpeus\My Shared Folder\free_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy- music-movie-sum-of-fears_4.exe
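A triage check built from the installation and propagation paths listed above, as an added example that is not part of the original description. The function names `classify` and `scan`, the sample inventory, and the choice to match only the tail of the bait file name (`sum-of-fears`, then an optional `_` and digit) are assumptions made here.

```python
import re
from pathlib import PureWindowsPath

# Startup directory tails from the description (the dropped file is system.exe).
STARTUP_TAILS = (r"\start menu\programs\startup", r"\startmenu\programs\startup")
# Client folder names as spelled on the page ("Morpeus" is the page's spelling).
P2P_CLIENTS = {"kazaa", "morpeus"}
# Every listed copy ends in "sum-of-fears", then an optional "_" and digit.
BAIT_TAIL = re.compile(r"sum-of-fears(_\d?)?\.exe$", re.IGNORECASE)


def classify(path):
    """Return an indicator label for one Windows path, or None if no match."""
    p = PureWindowsPath(path)
    parts = [part.lower() for part in p.parts]
    if len(parts) < 3:
        return None
    name = parts[-1]
    if name == "system.exe" and str(p.parent).lower().endswith(STARTUP_TAILS):
        return "startup-persistence"
    # Compare the share folder without spaces: the page lists both
    # "My Shared Folder" and "My SharedFolder".
    share = parts[-2].replace(" ", "")
    if share == "mysharedfolder" and parts[-3] in P2P_CLIENTS and BAIT_TAIL.search(name):
        return "p2p-bait-copy"
    return None


def scan(paths):
    """Return (path, label) pairs for every path that matches an indicator."""
    return [(p, label) for p in paths if (label := classify(p))]


# Constructed sample inventory (not real telemetry); file-name prefixes shortened.
SAMPLE = [
    r"C:\WINDOWS\Start Menu\Programs\Startup\system.exe",
    r"C:\WINNT\system32\config\systemprofile\StartMenu\Programs\Startup\system.exe",
    r"C:\Program Files\KaZaA\My Shared Folder\sample-sum-of-fears_3.exe",
    r"C:\Program Files\Morpeus\My SharedFolder\sample-sum-of-fears.exe",
    r"C:\Program Files\KaZaA\My Shared Folder\holiday.mp3",
    r"C:\Tools\system.exe",
]

if __name__ == "__main__":
    for path, label in scan(SAMPLE):
        print(f"{label:20} {path}")
```

A path match only marks a file for review; confirming it against the description (a Visual Basic PE file of about 29K) is a separate step.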
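Other effects
After installing itself on the system, the worm opens a window:
The window slowly moves from top to bottom and from left to right. If the window is clicked, the worm runs the "join.php" script on the http://www.ignifuge.com/getpaid server. The worm then creates a blue "Money" button in the upper-left corner of the screen. Clicking this button makes the worm run the same script.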
