W32/Supova.D

description-logoAnalysis

  • Virus is 32bit, with a size 49,152 bytes
  • Virus is coded in Visual Basic 6 and requires MSVBVM60.DLL in order to be a threat
  • When executed, this virus may copy itself to the Windows folder as these
    filenames -

    Alles-ist-vorbei.exe
    Desktop-shooting.exe
    Hello-Kitty.exe
    BigMac.exe
    Hellokitty.exe
    Cheese-Burger.exe

  • Next, virus may modify the registry for the Kazaa Peer-to-Peer file sharing application such that the shared folder is now Windows\Media

  • Virus may copy itself to the Windows\Media folder as the following names -

    A.exe
    Age of empires 2 crack.exe
    Battle net key generator (WORKS!!).exe
    Britney spears hard porn (REAL!).exe
    Britney spears nude.exe
    Cable modem uncapper.exe
    Christina Aguilera fuck (REAL!).exe
    CloneCD + crack.exe
    CloneCD all-versions key generator.exe
    Copy protection remover.exe
    Crazy taxi crack.exe
    DivX codec v6.0.exe
    DivX newest version.exe
    DivX patch - Increases quality.exe
    DivX pro key generator.exe
    DivX.exe
    Doom 3 preview!!.exe
    Doom 3 screenshots.exe
    Dragonball Z COMPLETE episode guide.exe
    Dragonball Z episode 1.exe
    Dragonball Z shootout.exe
    Dragonball Z.exe
    Gamecube Emulator (WORKS!!).exe
    Grand Prix 4 crack.exe
    Grand theft auto 3 CD1 crack.exe
    Grand theft auto 3 trainer.exe
    GTA3 crack.exe
    Hack into any computer!!.exe
    Half-life ONLINE key generator.exe
    Half-life WON key generator.exe
    Jedi Knight 2 crack.exe
    J-LO Nude (REAL!!).exe
    KaZaA hack.exe
    KaZaA lite.exe
    KaZaA media desktop v2.0 UNOFFICIAL.exe
    KaZaA spyware remover.exe
    Key generator for all windows XP versions.exe
    Key generator for over 1,000 applications (really!).exe
    Kiddy child incest porn.exe
    Macromedia Dreamweaver MX Key Generator.exe
    Macromedia Flash MX Key Generator.exe
    Macromedia MX key generator (all products).exe
    Microsoft key generator, works for ALL microsoft products!!.exe
    Microsoft Office XP (english) key generator.exe
    Microsoft Office XP iso.exe
    Microsoft Windows XP crack pack.exe
    Neverwinter nights crack.exe
    Nokia simlock remover (includes new models).exe
    Norton antivirus 2002.exe
    Quake 4 BETA.exe
    Resident Evil [DivX].exe
    Sex.exe
    Shrek.exe
    Star wars episode 2 downloader.exe
    Starcraft 2 preview!.exe
    Starcraft battle net key generator.exe
    Starcraft ONLINE crack.exe
    Warcraft 3 battle net serial generator.exe
    Warcraft 3 ONLINE key generator.exe
    Warcraft 3 trainer.exe
    Windows XP key generator.exe
    Windows XP serial generator.exe
    Winrar + crack.exe
    Winzip 8.0 + serial.exe
    XBOX emulator (WORKS!!).exe
    Xbox info.exe

  • Virus may also attempt to distribute itself to others on an infected host by sending itself to contacts listed in the MSN Messenger contact list

  • Virus contains additional code to attempt a denial of service attack against three websites using the application PING.EXE on the 5th of any month -

    www.beliefnet.com
    www.christianity.com
    www.islamicity.com

  • Virus contains file deletion code which attacks critical files on the host - this can occur on the 7th of any month

Telemetry logoTelemetry