SANS ISC: InfoSec Handlers Diary Blog - Deja Vu - Snow.A



Deja Vu - Snow.A

Published: 2006-02-28
Last Updated: 2006-02-28 16:06:43 UTC
by Lorna Hutcheson (Version: 1)
Notable behavior - "drops and install WinPcap network drivers", "flood network with spoofed arp packets (arp poisoning)" and "appends its code to all .EXE files in all drives, including mapped network drives and removable disks. Thus, it is able to propagate via the network and removable drives, such as flash drives and floppy disks."

Other - "first attempts to infect files which are running processes", "its main .EXE component respawns when it is terminated, making termination more difficult."

W32/Snow.a
http://vil.nai.com/vil/content/v_138727.htm

PE_SNOW.A

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_SNOW.A
