Worm:Win32/Antinny.BM


First posted on 27 March 2009.
Source: SecurityHome

Aliases :

There are no other names known for Worm:Win32/Antinny.BM.

Explanation :

Worm:Win32/Antinny.BM is a worm that is intended to spread via the Winny P2P file sharing application.

Symptoms

System Changes

The following system changes may indicate the presence of this malware:

  • The presence of the following files:
    c:\system653.exe
  • The presence of the following registry value and data:
    Value: system653
    With data: "c:\system653.exe"
    In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Worm:Win32/Antinny.BM is a worm that attempts to spread via the Winny P2P file sharing application. However, the worm did not function as intended in our laboratory testing.

Installation

Worm:Win32/Antinny.BM copies itself in the system as the file 'c:\system653.exe'. It modifies the system registry so that its copy runs every time Windows starts:

Adds value: "system653"
With data: "c:\system653.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It also creates folders according to the following format:

C:<Japanese characters><numbers>><User name>

These folders may contain garbage files and folders.

Spreads Via...

File Sharing Application

Worm:Win32/Antinny.BM spreads by making its copy available for download using the Winny P2P file sharing program. It creates the following folders to facilitate its spreading:

  • C:\LOG01
  • C:\LOG01\explorer
  • C:\LOG01\windows

It modifies the file 'UpFolder.txt' to include 'C:\LOG01' and its subfolders. This text file is a configuration file that determines which folders contain files that are to be shared using the application. Upon analysis, this functionality did not perform as intended.
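
A triage check for the indicators listed above, as an added example that is not part of the original write-up. It assumes the dropped file sits at the root of C: and that the registry and folder paths use their usual backslash separators; -UpFolderPath is a hypothetical parameter, since the page does not say where Winny keeps UpFolder.txt.

```powershell
# Added triage example; not from the original analysis.
param(
    # Assumption: the caller supplies the path to Winny's UpFolder.txt.
    [string]$UpFolderPath
)

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Indicator, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Indicator = $Indicator; Detail = $Detail })
}

# 1. The worm's copy of itself; hash it so the sample can be tracked.
$dropped = 'C:\system653.exe'
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
    Add-Finding 'File' "$dropped present (SHA256 $hash)"
}

# 2. The Run value. A 32-bit process on 64-bit Windows writes to the
#    WOW6432Node view, so both views are checked.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -LiteralPath $key -Name 'system653' -ErrorAction SilentlyContinue
    if ($item) { Add-Finding 'RunValue' "$key -> system653 = $($item.system653)" }
}

# 3. Folders created to stage the shared copy.
foreach ($dir in 'C:\LOG01', 'C:\LOG01\explorer', 'C:\LOG01\windows') {
    if (Test-Path -LiteralPath $dir -PathType Container) { Add-Finding 'Folder' "$dir exists" }
}

# 4. Share-list entries pointing at the staging folder or its subfolders.
if ($UpFolderPath -and (Test-Path -LiteralPath $UpFolderPath -PathType Leaf)) {
    $hits = Select-String -LiteralPath $UpFolderPath -Pattern 'C:\LOG01' -SimpleMatch
    foreach ($h in $hits) {
        Add-Finding 'UpFolder' "line $($h.LineNumber): $($h.Line.Trim())"
    }
}

if ($findings.Count) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Worm:Win32/Antinny.BM indicators from this description were found.'
}
```

Because the analysis notes that the sharing functionality did not perform as intended, a clean UpFolder.txt does not rule out the file and registry indicators.
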

Analysis by Matt McCormack

Last update 27 March 2009