Spam-Mailbot.m
Posted by: jasn [ITS Security] under Virus
June 2, 2009
Virus Notification/Information:
Source: McAfee (Outside Link)
Type: Trojan
Aliases: Email-Worm.Win32.Joleee.adq, Mal/WaledPak-A, Spammer:Win32/Tedroo.I, Win32:TedoBot
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Distribution potential: Low
Reported infections: Low
Damage potential: High
Overall risk rating: Low
Method(s) of Infection:
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include internet chat, peer-to-peer networks, newsgroup postings, e-mail, etc.
Description:
Spam-Mailbot.m is a family of trojans used to send spam. When run, the file copies itself as %windir%\servises.exe and adds that copy to the list of allowed programs in the Windows Firewall. The trojan sends out email messages using its built-in SMTP client engine. It attempts to connect to the following servers for additional instructions:
- 66.96.248.21
- 91.207.7.234
- 91.207.5.66
- 206.51.234.126
- 206.137.17.89
- 209.20.130.33
- [blocked].theplanet.com
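An added example, not part of the McAfee write-up or of this notice: a Python check that scans Windows Firewall log text (pfirewall.log format) for connections to the addresses listed above and for hosts that contact several mail servers directly on TCP port 25. The sample log lines, the internal addresses, the relay 10.0.0.5 and the threshold of 3 are constructed assumptions.

```python
# Addresses are the servers listed in this notice; everything else is constructed.
C2_ADDRESSES = {
    "66.96.248.21", "91.207.7.234", "91.207.5.66",
    "206.51.234.126", "206.137.17.89", "209.20.130.33",
}

# Constructed sample in pfirewall.log layout (ports and hosts are illustrative).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2009-06-02 10:15:01 OPEN TCP 10.0.0.23 91.207.7.234 1067 80 - - - - - - - -
2009-06-02 10:15:09 OPEN TCP 10.0.0.23 192.0.2.10 1068 25 - - - - - - - -
2009-06-02 10:15:10 OPEN TCP 10.0.0.23 198.51.100.7 1069 25 - - - - - - - -
2009-06-02 10:15:11 OPEN TCP 10.0.0.23 203.0.113.44 1070 25 - - - - - - - -
2009-06-02 10:16:30 OPEN TCP 10.0.0.40 10.0.0.5 1101 25 - - - - - - - -
2009-06-02 10:17:02 OPEN TCP 10.0.0.40 10.0.0.8 1102 445 - - - - - - - -
"""


def scan_firewall_log(text, mail_relays=(), smtp_threshold=3):
    """Flag traffic to the listed servers and hosts mailing many servers directly."""
    fields, c2_hits, smtp_peers = [], [], {}
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows below
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) < len(fields):
            continue                           # header, blank or truncated line
        row = dict(zip(fields, parts))
        src, dst = row["src-ip"], row["dst-ip"]
        if dst in C2_ADDRESSES:
            c2_hits.append((row["date"], row["time"], src, dst, row["dst-port"]))
        if (row["protocol"] == "TCP" and row["dst-port"] == "25"
                and dst not in mail_relays):
            smtp_peers.setdefault(src, set()).add(dst)
    # A workstation speaking SMTP to several distinct servers points to a built-in
    # SMTP engine rather than a mail client using the site's relay.
    senders = {s: len(p) for s, p in smtp_peers.items() if len(p) >= smtp_threshold}
    return {"c2": c2_hits, "smtp_senders": senders}


if __name__ == "__main__":
    print(scan_firewall_log(SAMPLE_LOG, mail_relays=("10.0.0.5",)))
```

A host that appears in both results is a strong candidate for a check of %windir%\servises.exe and of the firewall's allowed-programs list.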
Additional Info: None Found
Additional Links: Sophos
