Win32/Nuwar [Threat Name]

Win32/Nuwar.BA [Threat Variant Name]

Category worm
Size 142336 B
Detection created Dec 27, 2007
Detection database version 2750
Aliases Trojan.Peacomm (Symantec)
  Email-Worm.Win32.Zhelatin.pr (Kaspersky)
  W32/Nuwar@MM (McAfee)
Short description

Win32/Nuwar.BA installs a backdoor that can be controlled remotely. It uses techniques common for rootkits. The worm is being spammed by e-mail.

Installation

When executed, the worm drops one of the following files in the %system% folder:

  • bldy.config
  • bldy%variable%.sys

%variable% represents random text.


The worm registers itself as a system service using the following name:

  • bldy%variable%

The worm creates and runs a new thread with its own program code within the following processes:

  • services.exe

The following Registry entries are set:

  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLDY%variable%\0000]
    • "Service" = "bldy%variable%"
    • "Legacy" = 1
    • "ConfigFlags" = 0
    • "Class" = "LegacyDriver"
    • "ClassGUID" = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    • "DeviceDesc" = "bldy%variable%"
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLDY%variable%]
    • "NextInstance" = 1
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bldy%variable%]
    • "Type" = 1
    • "Start" = 2
    • "ErrorControl" = 1
    • "ImagePath" = "\??\%system%\bldy%variable%.sys"
    • "DisplayName" = "bldy%variable%"
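
One way to check an exported registry for the service layout listed above, as an added example that is not part of the original description: it parses `reg export`-style text and reports which of the listed values each `bldy*` service key matches. The sample export, the name `bldyq7x`, the `C:\WINDOWS\system32` path and the function names are constructed for illustration; only string and dword values are parsed.

```python
import re

# Constructed sample in the text format written by `reg export`; not from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bldyq7x]
"Type"=dword:00000001
"Start"=dword:00000002
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\bldyq7x.sys"
"DisplayName"="bldyq7x"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLDYQ7X\0000]
"Service"="bldyq7x"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]
"Type"=dword:00000001
"Start"=dword:00000002
"ImagePath"="System32\\drivers\\beep.sys"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')
SERVICE_RE = re.compile(r'\\Services\\(bldy[^\\]*)$', re.I)
LEGACY_RE = re.compile(r'\\Enum\\Root\\LEGACY_(BLDY[^\\]*)', re.I)

def parse_reg(text):
    """Return {key_path: {value_name: value}} for string and dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name, raw = m.groups()
            if raw.startswith('dword:'):
                current[name] = int(raw[6:], 16)
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                # .reg files escape backslashes and quotes with a backslash
                current[name] = re.sub(r'\\(.)', r'\1', raw[1:-1])
    return keys

def find_nuwar_ba(keys):
    """List bldy* service keys and which of the described values each one matches."""
    legacy = {m.group(1).lower() for k in keys if (m := LEGACY_RE.search(k))}
    findings = []
    for path, vals in keys.items():
        m = SERVICE_RE.search(path)
        if not m:
            continue
        name = m.group(1).lower()
        image = str(vals.get('ImagePath', ''))
        checks = {
            'kernel_driver_type': vals.get('Type') == 1,   # "Type" = 1
            'auto_start': vals.get('Start') == 2,          # "Start" = 2
            'image_is_name_sys': image.lower().endswith('\\' + name + '.sys'),
            'legacy_enum_key': name in legacy,             # LEGACY_BLDY%variable%
        }
        findings.append({'service': name, 'image': image,
                         'matched': sorted(c for c, ok in checks.items() if ok)})
    return findings

if __name__ == '__main__':
    print(find_nuwar_ba(parse_reg(SAMPLE_REG)))
```

`reg export` writes UTF-16 text, so decode the file with `encoding='utf-16'` before passing its contents to `parse_reg`. A name prefix alone is a weak signal; the `matched` list shows how many of the described values line up.
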
Spreading via e-mail

The worm is being spammed by e-mail.

Other information

The worm can be used for sending spam.


The worm receives data and instructions for further action from the Internet or another remote computer within its own network (botnet).


E-mail addresses for further spreading are searched for in local files with one of the following extensions:

  • .adb
  • .asp
  • .cfg
  • .cgi
  • .dat
  • .dbx
  • .dhtm
  • .eml
  • .htm
  • .html
  • .jsp
  • .lst
  • .mbx
  • .mdx
  • .mht
  • .mmf
  • .msg
  • .nch
  • .ods
  • .oft
  • .php
  • .pl
  • .sht
  • .shtm
  • .stm
  • .tbb
  • .txt
  • .uin
  • .wab
  • .wsh
  • .xls
  • .xml

Addresses containing the following strings are avoided:

  • @avp.
  • @foo
  • @iana
  • @messagelab
  • @microsoft
  • abuse
  • admin
  • anyone@
  • bsd
  • bugs@
  • cafee
  • certific
  • contract@
  • feste
  • free-av
  • f-secur
  • gold-certs@
  • google
  • help@
  • icrosoft
  • info@
  • kasp
  • linux
  • listserv
  • local
  • news
  • nobody@
  • noone@
  • noreply
  • ntivi
  • panda
  • pgp
  • postmaster@
  • rating@
  • root@
  • samples
  • sopho
  • spam
  • support
  • unix
  • update
  • winrar
  • winzip

The worm opens a random UDP port.


The worm serves as a backdoor.


It can be controlled remotely.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • send files to a remote computer
  • run executable files
  • collect information about the operating system used

The worm contains a list of computers (peers) which can be used for exchanging information and instructions for further action (in the format: "IP address:Port").

The worm might attempt to hide its presence in the system.


It uses techniques common for rootkits.
