Name: Win32.Pipeline
Type: Worm
Also Known As: Win32.Image23, Pipeline Worm, Image23
Danger Level: 8
Category Description:
Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.
Worms have self-replicating code that travels from machine to machine by various means. A worm's first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
Official Description:
This is a worm that affects AIM. Once a machine is infected, a process called csts.exe starts running. This file makes constant calls to suspicious websites, which slows down your internet use. It also creates a service called RPC Debug Control that starts with Windows. There is also evidence that another service, called "Print Spooler Service", is related to this botnet worm.
Comment:
This worm spreads through the infected user's AIM buddy list. Contacts receive a message giving them some excuse to click a link that ends in an image. Clicking the link runs an image#.com file that infects the machine and makes it part of the botnet.
Users should also be on the lookout for a "wowexec.exe" process in Task Manager that does not show any memory usage. This process is directly related to the rootkit that is also installed by this worm.
Properties: