W32/Tenga.A - Released Dec 30, 2005 - Last Updated May 16, 2006
Detection Availability

Visible Symptoms
Infected files increase in size by approximately 3665 bytes.

Detailed Analysis
This malware is a Win32 infector.
The appended virus code is approximately 3665 bytes.
The virus creates a mutex named "gaelicum" to check whether it is already running in memory.
The malware appears to access utenti.lycos.it and issues an FTP GET command for a file named DL.EXE.
The malware searches for ".exe" files within the %System% folder and infects them.

Recommended Action
FortiGate systems: check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed. If required, enable the "Allow Push Update" option.