W32/Vustog.A Worm

 Information about the W32/Vustog.A Worm:

W32/Vustog.A is a worm. The worm will infect Windows systems and spreads through email.

The subject of the infected mail will be any of the following;.

Your message was not delivered.
Your message is undeliverable.
Your message could not be delivered.
Service unavailable.
Network failure.
Message is too large.
Mail transaction failed. Session aborted.
Mail transaction failed. Service unavailable.
Mail transaction failed. Partial message is available.
Mail transaction failed. Message is too large.
Mail transaction failed. Mail quota exceeded.
Mail transaction failed. Data format error.
Mail transaction failed.
Mail quota exceeded.
Destination host is not responding.
Data format error.

The name of the infected attachment will be any of the following;

youtube-you
yousite
yourwebsite
yoursite
yourmyspacedetails
your tax returns
your personal information
your personal details
your financial information
your financial details
your bank account details
your SSN etc
transcript
s Creed
readme
pokertechnique
pokerstrategy
poker
onlinepoker
onlinegaming
onlinecasino
myspacedetails
myspace
message
letter
instructions
gaming
document
details
casino
attachment
Warhammer Online Age Of Reckoning
Virtua Fighter 5
Unreal Tournament 2007
The Hills Have Eyes II
Terminator 4
Tekken
Studio 60 on the Sunset Strip season 2
Starcraft: Ghost
Star Wars: Empire at War
Star Trek: Legacy
Spore
Splinter Cell: Double Agent
Spider-Man 3
Smith season 2
Six Degrees season 2
Shark season 2
Rush Hour 3
Resistance: Fall of Man
Resident Evil 5
Resident Evil 3
Rainbow Six: Vegas
Pursuit Force
Premonition
Paris Hilton
Pamela Anderson
Neverwinter Nights 2
Metal Gear: Subsistence
Lost season 4
Live Free or Die Hard
Killzone PS3
Jessica Simpson
Jessica Alba
Jericho season 2
Jennifer Lopez
Indiana Jones 4
Huxley
Hilary Duff
Heroes season 2
Hellgate: London
Halo 3
Half-Life 2: Aftermath
Grey's Anatomy - next season
Ghost Rider
Ghost Recon: Advanced Warfighter
Full Auto 2: Battlelines
Full Auto
Final Fantasy XIII
Extreme Ghouls n' Ghosts
Enemy Territory: Quake Wars
Dungeons & Dragons Online: Stormreach
Dragonball
Crysis
Command & Conquer 3: Tiberium Wars
Carmen Electra
CSI: London
Britney Spears
BioShock
Auto Assault
Assassin
Angelina Jolie
Alien vs. Predator 2

The extension of the infected attachment may any one of the following;

.wma, .wav, .txt, .rtf, .mp3, .jpeg, .html, .gif

Upon execution, the worm copies itself as iexplore.exe to Internet Explorer folder located in the Program files folder.

It also drops the following files.

svchost.exe:svchost.exe in Windows System folder.
msfsr.sys in Windows System folder.
drivers\[Six Random Characters].sys in Windows System folder.
lsass.exe in Windows folder.

The worm modifies registry at the following location to load itself during each startup.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It also copies itself to the following folders with various different names.

uploads
upload
shared
share
my shared folder
Downloads
Collections
BearShare

This worm first appeared on February 2, 2007.

 Other names of W32/Vustog.A Worm:

This Worm is also known as W32.Vutsog.A@mm.