|
|
|
|
| |
| A new Trojan/Worm called 'PrettyPark' is spreading via e-mail, but this time it's not as innocent as Mellisa. |
| |
Credit:
This Trojan is detected and removed by the AntiViral Toolkit Pro: WWW.AVP.CH.
|
| |
PrettyPark is a Trojan that has many of the characteristics of a Worm, a Virus and a backdoor application. It infects spreads in a small Windows EXE file (of about 58K in length) and when executed, registers itself as a system VXD (virtual device driver) called FILES32.VXD.
It then opens an Internet connection to various IRC servers (for example: irc.twiny.net, irc.stealth.net, irc.grolier.net, irc.club-internet.fr, ircnet.irc.aol.com and more), in order to 'contact' its author. When this contact is made, the Trojan can be used to manipulate the system like create, execute or erase files, and can also send crucial system information such as passwords, dial-up numbers, directory info, ICQ numbers, etc.
This Worm spreads by sending a message to all address book recipients, containing the subject text: C:\CoolProgs\Pretty Park.exe and an attached version of the Trojan application.
PrettyPark is written in Delphi, and runs on Windows 95/98 and Windows NT machines.
|
|
|
|
|
|
|
|
|
|
