Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Apple iPhone Service' = '%APPDATA%\iPhone.exe'
Creates the following files on removable media:
- <Drive name for removable media>:\Bank Documents.url
- <Drive name for removable media>:\Personal Photos.url
- <Drive name for removable media>:\My Videos.url
- <Drive name for removable media>:\Naked Pics.url
- <Drive name for removable media>:\Important Files.url
- <Drive name for removable media>:\Laptop\Battery\iPhone.exe
- <Drive name for removable media>:\Laptop\Battery\Desktop.ini
- <Drive name for removable media>:\www.sex-porno-world.com.url
- <Drive name for removable media>:\autorun.inf
Modifies file system :
Creates the following files:
- %APPDATA%\iPhone.exe
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\Laptop\Battery\iPhone.exe
- %APPDATA%\iPhone.exe
Network activity:
Connects to:
- 'xs#.##5fotos.info':51987
UDP:
- DNS ASK xs#.##5fotos.info