1/12: Mugly-D Worm Drops IRC Backdoor
January 12, 2005

W32/Mugly.d@mm is an email worm written in Visual Basic. It has the following characteristics:

  • contains its own SMTP engine for constructing messages
  • harvests email addresses from files on the victim machine
  • spoofs the From: address
  • drops an IRC backdoor (this is detected as W32/Sdbot.worm.gen.g with the specified engine/DATs)

The worm constructs messages using its own SMTP engine and harvests target addresses from the victim machine. Files with the following extensions are searched for addresses:

  • .wab
  • .adb
  • .tbb
  • .dbx
  • .asp
  • .php
  • .htm
  • html
  • .sht
  • .txt
  • .doc

More information can be found on the McAfee page.
