Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Allaple.A worm: Highly polymorphic with Password attack

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts
View previous topic :: View next topic  
Author Message
quietman7
Warrior Addict


Joined: 20 Dec 2004
Last Visit: 28 May 2014
Posts: 768
Location: Virginia, USA

PostPosted: Fri Dec 08, 2006 7:12 am    Post subject: Allaple.A worm: Highly polymorphic with Password attack Reply with quote

Quote:
Allaple is a powerful polymorphic LAN and Internet worm. It uses a number of exploits to spread and performs a dictionary attack on network share passwords. The worm copies itself multiple times to a hard drive and also affects HTML files. In addition the worm performs a DoS (Denial of Service) attack on a few websites...The worm's file is polymorphically encrypted. It means that every copy of the worm is different from each other...After the worm's file is run it goes through the polymorphic decryptor and then proceeds to the static part of the code that allocates a memory buffer and extracts the main worm's code into it. Then the control is passed directly to the extracted worm's code.

After getting control, the worm creates a few threads. One thread scans for vulnerable computers (on TCP ports 139 and 445) and sends exploits there in order to infect them. The worm also tries to bruteforce network share passwords by performing a dictionary attack on them...The worm creates a different CLSID for every copy of itself that it creates on a hard drive. And the number of these copies can be quite large. The names of the worm's files are random...The following TCP ports used during the DoS attack: 22, 80, 97, 443...

http://www.f-secure.com/v-descs/allaple_a.shtml
http://secunia.com/virus_information/34550/allaple.a/
_________________
Microsoft MVP - Consumer Security 2007-2014
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group