Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\autorun.inf
Modifies file system :
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\autorun.inf
Network activity:
Connects to:
- 'an###tics4u.net':80
- 'ip#####try.hackers.lv':80
TCP:
HTTP GET requests:
- ip#####try.hackers.lv/
HTTP POST requests:
- an###tics4u.net/gatter/connect.php
UDP:
- DNS ASK an###tics4u.net
- DNS ASK ip#####try.hackers.lv
Miscellaneous:
Searches for the following windows:
- ClassName: '' WindowName: 'SysAnalyzer'
- ClassName: '' WindowName: 'The Wireshark Network Analyzer'