Win32.Doser.418
Details
Win32.Doser.4183
This is a dangerous non-memory-resident parasitic polymorphic Win32 virus related to the Win32_AOC virus family. It searches for PE EXE files in the current Windows and Windows system directories, then looks for EXE files on the C: drive and infects them. The virus infects .EXE files as well as .DLL libraries. While infecting, the virus writes itself to the end of the file, and writes the ID text “DDoS” to an unused field in the PE EXE header.
When the infection routine is complete, the virus runs its DoS (Denial of Service) routine that, depending on the current day, selects one of seven Internet servers and performs a DoS attack on it. Two of these seven servers are unknown, and the rest appear as follows:
ctw1.citeweb.net
centralcommand.com
lockdown2000.com
europe2.f-secure.com
zonelabs2.brainstorm.net
Needless to say, the virus writer(s) can easily change the server list in any new versions of the virus.
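A defender-side check for the “DDoS” ID text described above, as an added example that is not part of the original description. The page does not say which header field holds the marker, so the field list is an assumption covering fields that ordinary PE32 images leave zero or reserved; `find_marker`, `make_header` and `CANDIDATE_FIELDS` are names introduced here, and the test header is constructed, not a real sample.

```python
import struct
import sys

MARKER = b"DDoS"  # infection ID text named in the description

# Assumption: the page does not name the field, so check header fields that
# ordinary PE32 images leave zero or reserved. (name, base, offset, size)
CANDIDATE_FIELDS = [
    ("DOS.e_res", "dos", 0x1C, 8),
    ("DOS.e_res2", "dos", 0x28, 20),
    ("COFF.PointerToSymbolTable", "coff", 8, 4),
    ("COFF.NumberOfSymbols", "coff", 12, 4),
    ("OPT.Win32VersionValue", "opt", 52, 4),
    ("OPT.LoaderFlags", "opt", 88, 4),
]

def find_marker(data):
    """Return the names of candidate header fields that contain MARKER."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the PE signature, 20-byte COFF header and 96-byte PE32 optional header.
    if e_lfanew + 120 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    bases = {"dos": 0, "coff": e_lfanew + 4, "opt": e_lfanew + 24}
    if struct.unpack_from("<H", data, bases["opt"])[0] != 0x10B:  # PE32 only
        return []
    return [name for name, base, off, size in CANDIDATE_FIELDS
            if MARKER in data[bases[base] + off:bases[base] + off + size]]

def make_header(stamp_at=None):
    """Constructed minimal PE32 header for testing; not a real sample."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)       # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 24, 0x10B)  # optional header magic
    if stamp_at is not None:
        buf[stamp_at:stamp_at + 4] = MARKER
    return bytes(buf)

if __name__ == "__main__":
    # Reads only the first 4 KiB; a header placed beyond that is reported as [].
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, find_marker(f.read(4096)))
```

A hit is a triage signal only: the four bytes can occur in clean files, and a variant may use a field outside this list.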