We are writing a Worm

 


The whole process of infection is divided into several parts.

The first part is a recursive search for shared folders on the system.
The worm stores a copy of its body in each shared folder it finds.

The second part is copying the worm to %homedrive% (the system disk) under the name "jusched.exe". The worm then saves this location in the registry under the Run branch, in a value named Jusched_Diall.

The third part is modifying the HOSTS file.

Other parts of the virus can implement the ability to create AutoRun files.
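A triage check for the Run-branch persistence and HOSTS changes described above, as an added example that is not part of the original post or its source code. The function names, the sample Run values and hosts lines (all constructed), and the default of `C:` for %homedrive% are assumptions; the post does not say what the worm writes into HOSTS, so every mapping other than localhost is listed for review.

```python
import ntpath

RUN_VALUE_NAME = "jusched_diall"   # value name given in the write-up
DROPPED_NAME = "jusched.exe"       # file name given in the write-up

def exe_path(command):
    """Extract the executable path from a Run-key command line (quoted form only)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command  # unquoted commands with arguments are not split here

def flag_run_entries(run_values, home_drive="C:"):
    """Return (value name, reason) for Run values matching the described persistence."""
    hits = []
    for name, command in run_values.items():
        folder, exe = ntpath.split(exe_path(command))
        in_root = folder.rstrip("\\").lower() == home_drive.lower()
        if name.lower() == RUN_VALUE_NAME:
            hits.append((name, "value name from the write-up"))
        elif exe.lower() == DROPPED_NAME and in_root:
            # The genuine Java updater of this name lives under Program Files.
            hits.append((name, "jusched.exe in the drive root"))
    return hits

def flag_hosts_lines(hosts_text):
    """Return (ip, hostname) for every HOSTS mapping other than localhost."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        for host in fields[1:]:
            if host.lower() != "localhost":
                hits.append((fields[0], host))
    return hits

# Constructed sample data (not taken from a real system).
SAMPLE_RUN = {
    "SunJavaUpdateSched": r'"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"',
    "Jusched_Diall": r"C:\jusched.exe",
    "Updater": r'"C:\jusched.exe" /s',
}
SAMPLE_HOSTS = """# constructed hosts file
127.0.0.1 localhost
::1 localhost
203.0.113.10 update.example.com  # constructed entry
"""

if __name__ == "__main__":
    print(flag_run_entries(SAMPLE_RUN))
    print(flag_hosts_lines(SAMPLE_HOSTS))
```

On a live system the Run values would come from a registry export of the HKLM and HKCU Run keys, and the hosts text from `%SystemRoot%\System32\drivers\etc\hosts`.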





               



The source code is available to members of the CyberSecurity Unit of the viry.cz forum.