Win32.Worm.Fujacks.DE
First posted on 21 November 2011.
Source: BitDefender
Aliases :
Win32.Worm.Fujacks.DE is also known as (Symantec.
Explanation :
When executed, it creates copies of itself in subfolders of Program Files as executable files with different fake names (e.g.: windows2008 keygen and activator.exe, microsoft office 2007 keygen.exe, bitdefender antivirus 2009 keygen.exe...). It also copies itself to mapped network drives and removable devices. As another way of spreading, it searches email clients' data files for mail addresses and sends a zip copy of itself to the harvested addresses. The generated mails have the subject "You have got a new E-Card from your friend!".
To protect itself, it stops some well-known security-related services (e.g. avg8wd, vsserv, mcshield, liveupdate, SAVscan, WinDefend,...).
It uses www.whatismyip.com/automation/n09230945 to find out the infected machine's IP address, and it opens a backdoor on the affected machine.
The following infected files will be dropped in the system32 folder:
javasec2 and javasec3 detected as Trojan.Downloader.Loadadv.ACB
[random].dll detected as Trojan.Vundo.GNN
To avoid running multiple instances, it creates a named mutex (7kk7Buzx).
Last update 21 November 2011
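A triage sketch over endpoint telemetry using the indicators from the description above; this is an added example, not BitDefender code. The event schema (`host`, `type`, `value`), the host names, the sample paths and the strong/weak weighting are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators copied from the description above; its service list is partial.
MUTEX = "7kk7Buzx"
SUBJECT = "You have got a new E-Card from your friend!"
IP_LOOKUP = "www.whatismyip.com/automation/n09230945"
DROPPED = {"javasec2", "javasec3"}
SERVICES = {"avg8wd", "vsserv", "mcshield", "liveupdate", "savscan", "windefend"}
STRONG = {"mutex", "system32_drop", "ecard_mail"}  # weighting is this example's assumption

def classify(event):
    """Return an indicator label for one event, or None (event schema is assumed)."""
    kind, value = event["type"], event["value"]
    if kind == "mutex_create" and value == MUTEX:  # mutex names are case-sensitive
        return "mutex"
    if kind == "mail_send" and value.strip() == SUBJECT:
        return "ecard_mail"
    if kind == "http_request" and IP_LOOKUP in value.lower():
        return "ip_lookup"
    if kind == "service_stop" and value.lower() in SERVICES:
        return "service_stop"
    if kind == "file_create":
        path = PureWindowsPath(value.lower())
        if path.parent.name == "system32" and path.stem in DROPPED:
            return "system32_drop"
        in_program_files = any(p.startswith("program files") for p in path.parts)
        if in_program_files and path.suffix == ".exe" and "keygen" in path.name:
            return "keygen_lure"
    return None

def triage(events):
    """Map host -> sorted labels; keep hosts with a strong hit or two distinct weak ones."""
    hits = defaultdict(set)
    for event in events:
        label = classify(event)
        if label:
            hits[event["host"]].add(label)
    return {h: sorted(found) for h, found in hits.items() if found & STRONG or len(found) >= 2}

SAMPLE = [  # constructed telemetry; hosts and paths are made up for this example
    {"host": "ws-01", "type": "file_create", "value": r"C:\Program Files\Tools\microsoft office 2007 keygen.exe"},
    {"host": "ws-01", "type": "service_stop", "value": "WinDefend"},
    {"host": "ws-01", "type": "mutex_create", "value": "7kk7Buzx"},
    {"host": "ws-02", "type": "http_request", "value": "http://www.whatismyip.com/automation/n09230945"},
    {"host": "ws-03", "type": "file_create", "value": r"C:\Windows\System32\javasec2"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A lone IP lookup or a single stopped service is not reported on its own, since both occur in normal use; the mutex, the system32 drops and the e-card subject are treated as sufficient by themselves.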