1/12: Mugly-D Worm Drops IRC Backdoor

January 12, 2005

W32/Mugly.d@mm is an email worm written in Visual Basic. It has the following characteristics:

  • contains its own SMTP engine for constructing messages
  • harvests email addresses from files on the victim machine
  • spoofs the From: address
  • drops an IRC backdoor (this is detected as W32/Sdbot.worm.gen.g with the specified engine/DATs)

The worm constructs messages using its own SMTP engine and harvests target addresses from the victim machine. Files with the following extensions are searched for addresses:

  • .wab
  • .adb
  • .tbb
  • .dbx
  • .asp
  • .php
  • .htm
  • html
  • .sht
  • .txt
  • .doc
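
A defender-side heuristic for the behaviour described above, as an added example (not from the original advisory or from McAfee): it flags a process that reads files with several of the listed suffixes and also opens SMTP connections to multiple hosts. The event schema, allowlist, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Suffixes the advisory lists as address sources ("html" is printed without a dot).
HARVEST_SUFFIXES = (".wab", ".adb", ".tbb", ".dbx", ".asp", ".php",
                    ".htm", "html", ".sht", ".txt", ".doc")
KNOWN_MAILERS = {"outlook.exe", "thunderbird.exe"}  # assumption: site allowlist
MIN_SUFFIXES, MIN_SMTP_PEERS = 4, 3                 # assumption: tuning thresholds

def matched_suffix(path):
    """Return the listed suffix a path ends with, or None."""
    lower = path.lower()
    return next((s for s in HARVEST_SUFFIXES if lower.endswith(s)), None)

def flag_mass_mailers(events):
    """Flag non-allowlisted processes that read address-bearing files AND
    open direct SMTP connections to several distinct hosts."""
    suffixes, peers, images = defaultdict(set), defaultdict(set), {}
    for ev in events:
        pid = ev["pid"]
        images[pid] = PureWindowsPath(ev["image"]).name.lower()
        if ev["type"] == "file_read":
            s = matched_suffix(ev["path"])
            if s:
                suffixes[pid].add(s)
        elif ev["type"] == "net_connect" and ev["dport"] == 25:
            peers[pid].add(ev["dst"])
    return sorted(
        (pid, image, sorted(suffixes[pid]), len(peers[pid]))
        for pid, image in images.items()
        if image not in KNOWN_MAILERS
        and len(suffixes[pid]) >= MIN_SUFFIXES
        and len(peers[pid]) >= MIN_SMTP_PEERS
    )

# Constructed sample telemetry (hypothetical schema, documentation IP ranges).
def _read(pid, image, path):
    return {"pid": pid, "image": image, "type": "file_read", "path": path}
def _conn(pid, image, dst, dport=25):
    return {"pid": pid, "image": image, "type": "net_connect", "dst": dst, "dport": dport}

UNK, OL, NP = r"C:\Temp\unknown.exe", r"C:\Office\OUTLOOK.EXE", r"C:\Windows\notepad.exe"
SAMPLE_EVENTS = (
    [_read(4242, UNK, p) for p in (r"C:\docs\a.wab", r"C:\docs\in.dbx", r"C:\docs\n.TXT", r"C:\web\i.html")]
    + [_conn(4242, UNK, ip) for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5")]
    + [_read(1000, OL, r"C:\docs\in.dbx"), _conn(1000, OL, "192.0.2.25")]
    + [_read(2000, NP, r"C:\docs\n.txt"), _conn(2000, NP, "192.0.2.80", 80)]
)
```

Requiring both signals keeps a text editor that opens many `.txt` files, or an allowlisted mail client talking to its relay, from being flagged.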

More information can be found on the McAfee page.
