
Win32.P2P.Lorrin.A@mm


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.P2P.Lorrin.A@mm is also known as I-Worm.Mapson (KAV).

Explanation :

The worm spreads via email, as an attachment as mentioned before, and also by sharing itself through the most common P2P programs, as follows:

eDonkey 2000
Gnucleus
ICQ
KaZaA
LimeWire
Morpheus
Grokster

It copies itself into the folders listed below:

edonkey2000\incoming
gnucleus\downloads
icq\shared files
KaZaA\My Shared Folder
kazaa lite\my shared folders
limewire\shared
morpheus\my shared folder
Grokster\My Grokster

using different combinations of the following names (all generated names end with .EXE):

Desnuda en la playa
las pelotas de
Nude Pic
Sexo en la playa con
Sexy Beach
Sexy Bikini
Alejandra Guzman
Angelica Vale
Brenda
Britney Spears
Cameron dias
Celine Dion
Francini
Galilea Montijo
Halle berry
Kylie Minogue
Laura Pausini
Lili Brillanti
Lorena
Paulina Rubio
Pink
Shakira
Thalia
Ad-aware
Adobe Acrobat Reader (32-bit)
AOL Instant Messenger (AIM)
Biromsoft WebCam
Copernic Agent
Delphi 6
Diet Kaza
DirectDVD
DivX Video Bundle
Download Accelerator Plus
FireWorks 4
FIreWorks MX
Global DiVX Player
Grokster
ICQ Lite
ICQ Pro 2003a beta
iMesh
JetAudio Basic
Kaspersky Antivirus
Kazaa Download Accelerator
Kazaa Media Desktop
Matrix Movie
McAfee Antivirus
Microsoft Internet Explorer
Microsoft Office XP
Microsoft Windows Media Player
Microsoft Windows 2003
Morpheus
msn hack
MSN Messenger (Windows NT/2000)
Nero Burning ROM
NetPumper
Network Cable e ADSL Speed
Norton Antivirus
Office 2003
Panda Antivirus
PerAntivirus
Pop-Up Stopper
QuickTime
RealOne Free Player
Registry Mechanic
SnagIt
SolSuite 2003: Solitaire Card Games Suite
Spybot - Search & Destroy
Trillian
Virtual Girl Sofia
Visual Studio Net
Winamp
WinMX
WinRAR
WinZip
WS_FTP LE (32-bit)
XoloX Ultra
ZoneAlarm
crack all versions
Cracked
Full version
KeyGen
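
A defender can hunt for this drop pattern on a suspect host. The sketch below is an added example, not part of the original description: it walks a directory tree, looks only inside the share folders named above, and reports groups of byte-identical .exe files whose names contain one of the listed fragments. The function names, the subset of fragments, and the split of each folder into program directory and share directory are assumptions made for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Share folders from the description; splitting each into
# (program directory, share directory) is an assumption.
SHARE_DIRS = {
    ("edonkey2000", "incoming"), ("gnucleus", "downloads"),
    ("icq", "shared files"), ("kazaa", "my shared folder"),
    ("kazaa lite", "my shared folders"), ("limewire", "shared"),
    ("morpheus", "my shared folder"), ("grokster", "my grokster"),
}
# A subset of the name fragments listed above; extend with the full list.
LURE_TOKENS = [
    "nude pic", "sexy beach", "sexy bikini", "keygen", "cracked",
    "full version", "crack all versions", "winzip", "norton antivirus",
]

def is_share_dir(path):
    """True if the last two path components match a listed share folder."""
    parts = os.path.normpath(path).lower().split(os.sep)
    return tuple(parts[-2:]) in SHARE_DIRS

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_suspect_copies(root):
    """Return {sha256: [paths]} for identical lure-named .exe files in share folders."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        if not is_share_dir(dirpath):
            continue
        for name in files:
            low = name.lower()
            if low.endswith(".exe") and any(t in low for t in LURE_TOKENS):
                full = os.path.join(dirpath, name)
                try:
                    groups[sha256_of(full)].append(full)
                except OSError:
                    continue  # unreadable or locked file: skip it
    # A single lure-named file is weak evidence; identical copies under
    # different names match the self-copying behaviour described above.
    return {h: sorted(p) for h, p in groups.items() if len(p) > 1}
```

Any group it returns is a lead for review rather than a verdict: the hash of the group can then be checked against an antivirus scan of the files.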

The mail addresses are collected from the MSN Messenger contact list.

As a payload, the malware displays two message boxes in July containing information about the author and the worm.

Last update 21 November 2011

 
