W32/Sytro.J!worm.p2p
Analysis
- The malware drops a copy of itself to the Windows folder as dextor32.exe.
- It drops several copies of itself to the %Windows%\Temp folder using names of files that are commonly downloaded, indicating its intent to spread through peer-to-peer (P2P) file sharing. The filenames used are the following:
- aikaquest3hentai fulldownloader.exe
- aim account stealer downloader.exe
- battle.net key generator (works!!).exe
- borland delphi 6 key generator.exe
- britney spears nude.exe
- cat attacks child full downloader.exe
- cky3 - bam margera world industries alien workshop full downloader.exe
- divx.exe
- dsl modem uncapper.exe
- gladiator fulldownloader.exe
- grand theft auto 3 cd1 crack.exe
- gta3 crack.exe
- hack into any computer!!.exe
- hacking tool collection.exe
- half-life online key generator.exe
- half-life won key generator.exe
- how to hack websites.exe
- internet and computer speed booster.exe
- jenna jameson - built for speed downloader.exe
- kazaa media desktop v2.0 unofficial.exe
- key generator for all windows xp versions.exe
- lordoftherings-fulldownloader.exe
- macromedia flash 5.0 full downloader.exe
- macromedia key generator (all products).exe
- microsoft key generator, works for all microsoft products!!.exe
- microsoft windows xp crack pack.exe
- moviezchannelsinstaler.exe
- msn password hacker and stealer.exe
- ps1 boot disc full dwonloader.exe
- quake 4 beta.exe
- scarymovie 2 full downloader.exe
- shakira fulldownloader.exe
- sims fulldownloader.exe
- sony play station boot disc - downloader.exe
- spiderman fulldownloader.exe
- star wars episode 2 - attack of the clones full downloader.exe
- star wars episode 2 downloader.exe
- starwars2 - cloneattack - fulldownloader.exe
- warcraft 3 battle.net serial generator.exe
- warcraft 3 online key generator.exe
- windows xp full downloader.exe
- windows xp key generator.exe
- windows xp serial generator.exe
- winrar + crack.exe
- winzip 8.0 + serial.exe
- xbox.info.exe
- zidane-screeninstaler.exe
- zonealarm firewall full downloader.exe
- [divx] harry potter and the sorcerors stone full downloader.exe
- [divx] lord of the rings full downloader.exe
- The malware adds the following registry key:
- HKEY_LOCAL_MACHINE\SOFTWARE\HP710C
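The three host indicators above (the dropped dextor32.exe, the lure-named copies in the Temp folder, and the HP710C registry key) can be checked with a short triage script. The script below is an added example and is not Fortinet's code or a Fortinet tool. It assumes the scanned root is the Windows folder (live or a collected copy), that the registry check runs against the text of a dump produced by `reg export HKLM\SOFTWARE out.reg`, and the function names and the sample data used to exercise it are constructed for this example, not taken from a real infection.

```python
"""Host triage for the W32/Sytro.J!worm.p2p indicators listed in the analysis.
Added example, not Fortinet's code; function names and sample data are assumptions."""
import hashlib
import re
from collections import defaultdict
from pathlib import Path

DROPPED_COPY = "dextor32.exe"                       # copy dropped into the Windows folder
REG_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\HP710C"     # key added by the worm

# Lure filenames the worm drops into the Temp folder, lower-cased for matching.
LURE_NAMES = frozenset([
    "aikaquest3hentai fulldownloader.exe", "aim account stealer downloader.exe",
    "battle.net key generator (works!!).exe", "borland delphi 6 key generator.exe",
    "britney spears nude.exe", "cat attacks child full downloader.exe",
    "cky3 - bam margera world industries alien workshop full downloader.exe",
    "divx.exe", "dsl modem uncapper.exe", "gladiator fulldownloader.exe",
    "grand theft auto 3 cd1 crack.exe", "gta3 crack.exe", "hack into any computer!!.exe",
    "hacking tool collection.exe", "half-life online key generator.exe",
    "half-life won key generator.exe", "how to hack websites.exe",
    "internet and computer speed booster.exe",
    "jenna jameson - built for speed downloader.exe", "kazaa media desktop v2.0 unofficial.exe",
    "key generator for all windows xp versions.exe", "lordoftherings-fulldownloader.exe",
    "macromedia flash 5.0 full downloader.exe", "macromedia key generator (all products).exe",
    "microsoft key generator, works for all microsoft products!!.exe",
    "microsoft windows xp crack pack.exe", "moviezchannelsinstaler.exe",
    "msn password hacker and stealer.exe", "ps1 boot disc full dwonloader.exe",
    "quake 4 beta.exe", "scarymovie 2 full downloader.exe", "shakira fulldownloader.exe",
    "sims fulldownloader.exe", "sony play station boot disc - downloader.exe",
    "spiderman fulldownloader.exe",
    "star wars episode 2 - attack of the clones full downloader.exe",
    "star wars episode 2 downloader.exe", "starwars2 - cloneattack - fulldownloader.exe",
    "warcraft 3 battle.net serial generator.exe", "warcraft 3 online key generator.exe",
    "windows xp full downloader.exe", "windows xp key generator.exe",
    "windows xp serial generator.exe", "winrar + crack.exe", "winzip 8.0 + serial.exe",
    "xbox.info.exe", "zidane-screeninstaler.exe", "zonealarm firewall full downloader.exe",
    "[divx] harry potter and the sorcerors stone full downloader.exe",
    "[divx] lord of the rings full downloader.exe",
])


def sha256_of(path):
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root):
    """Walk `root` and return (path, kind, sha256) for every file whose name is an
    indicator: kind 'dropper' for dextor32.exe, 'lure' for a P2P lure name."""
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        name = p.name.lower()
        if name == DROPPED_COPY:
            hits.append((p, "dropper", sha256_of(p)))
        elif name in LURE_NAMES:
            hits.append((p, "lure", sha256_of(p)))
    return hits


def registry_key_present(reg_export_text):
    """True if a .reg dump (from `reg export`) contains the HP710C key. Key lines in a
    .reg file look like [HKEY_LOCAL_MACHINE\\SOFTWARE\\HP710C]. reg.exe writes the file
    as UTF-16, so decode it with utf-16 before calling this."""
    pattern = re.compile(r"^\[" + re.escape(REG_KEY) + r"\]\s*$", re.IGNORECASE | re.MULTILINE)
    return pattern.search(reg_export_text) is not None


def triage(root, reg_export_text):
    """The worm drops copies of itself, so a lure-named file that hash-matches
    dextor32.exe is a confirmed copy; a lure-named file with a different hash is only
    a suspicious name and needs a closer look (it could be a different sample)."""
    hits = scan_tree(root)
    by_hash = defaultdict(list)
    for path, kind, digest in hits:
        by_hash[digest].append(kind)
    dropper_hashes = {d for d, kinds in by_hash.items() if "dropper" in kinds}
    confirmed = [str(p) for p, k, d in hits if k == "lure" and d in dropper_hashes]
    unconfirmed = [str(p) for p, k, d in hits if k == "lure" and d not in dropper_hashes]
    return {
        "dropper_found": bool(dropper_hashes),
        "confirmed_copies": sorted(confirmed),
        "suspicious_names_only": sorted(unconfirmed),
        "registry_key_present": registry_key_present(reg_export_text),
    }


if __name__ == "__main__":
    import json, sys
    # usage: python sytro_triage.py C:\Windows out.reg   (out.reg from `reg export HKLM\SOFTWARE out.reg`)
    print(json.dumps(triage(sys.argv[1], Path(sys.argv[2]).read_text(encoding="utf-16")), indent=2))
```

A filename match on its own is weak evidence, since any file shared under one of these names would trigger it; the hash comparison against the dropped dextor32.exe is what turns a name match into a confirmed copy. The lure list is the one this variant uses, so other Sytro variants will not be matched by it.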
Recommended Action
FortiGate Systems
- Check the main screen of your FortiGate unit's web interface to confirm that the latest AV/NIDS database has been downloaded and installed on the system; if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Database
---|---
FortiGate | Extended
FortiClient | Extreme
FortiAPS |
FortiAPU |
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |