MS06-040 wgareg / wgavm update
We have received samples and infection reports from several sources. It looks like there are so far two different binaries involved:
9928a1e6601cf00d0b7826d13fb556f0 wgareg.exe
2bf2a4f0bdac42f4d6f8a062a7206797 wgavm.exe
The former, wgareg.exe, apparently shows up simply as ".exe" (blank-dot-exe) on infected systems and only later gets renamed or copied to wgareg.exe. AV protection is slowly coming online, here's a few of the names chosen:
Symantec - W32.Wargbot - not yet in the current pattern
TrendMicro - Worm.IRCBOT.JK and JL - protection available
McAfee - IRC.Mocbot - protection as extra.dat available
F-Secure - IRCBOT-ST - protection available
We'll update this post as more information becomes available.
9928a1e6601cf00d0b7826d13fb556f0 wgareg.exe
2bf2a4f0bdac42f4d6f8a062a7206797 wgavm.exe
The former, wgareg.exe, apparently shows up simply as ".exe" (blank-dot-exe) on infected systems and only later gets renamed or copied to wgareg.exe. AV protection is slowly coming online, here's a few of the names chosen:
Symantec - W32.Wargbot - not yet in the current pattern
TrendMicro - Worm.IRCBOT.JK and JL - protection available
McAfee - IRC.Mocbot - protection as extra.dat available
F-Secure - IRCBOT-ST - protection available
We'll update this post as more information becomes available.
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments