Other versions: .h
| Detection added |
Jan 13 2006 |
| Update released |
Jan 23 2006 19:56 GMT |
| Description added |
Feb 13 2006 |
| Behavior |
Internet Worm |
Worm.Win32.Feebs.gen is the detection for a number of variants in this family
of Internet worms. Worms from the Feebs family spread as an attachment to infected
messages and also via file-sharing networks.
Worms from the Feebs family are capable of terminating firewall and antivirus
programs.
This "gen" detection will detect a JavaScript component which spreads as an
attachment to infected messages. This component downloads an executable copy
of the worm from designated servers, saves it to the victim machine, and launches
it for execution.
The JavaScript component will also cause a fake Internet page to be displayed,
which informs the user that there is no connection available.
If it detects them on the victim machine, the JavaScript component will also
delete the following records from the system registry:
[HKLM\System\CurrentControlSet\Services]
"FirePM"
"KmxFile"
"pcipim"
"pcIPPsC"
"RapDrv"
