Win32/Videspra [Threat Name] go to Threat

Win32/Videspra.AA [Threat Variant Name]

Category worm
Size 40448 B
Detection created Jul 13, 2010
Detection database version 5276
Aliases Trojan.Siggen1.63495 (Dr.Web)
  Suspicious.Emit (Symantec)
Short description

Win32/Videspra.AA is a worm that spreads via IM and social networks.

Installation

The worm does not create any copies of itself.

Spreading

Win32/Videspra.AA is a worm that spreads through social networking sites.


The worm spreads by sending messages to people that are "friends" with someone in the social network whose computer has already been infected.


The message contains a URL link to a website containing malware. If the link is clicked a copy of the worm is downloaded.


The following social networking sites are affected:

  • facebook.com
Spreading via IM networks

If ICQ, Yahoo Messenger, Skype, Windows Live Messenger is installed on the infected system, the worm sends a message with a URL to all contacts.


The message contains a URL link to a website containing malware. If the link is clicked a copy of the worm is downloaded.

Other information

The worm creates and runs a new thread with its own program code within the following processes:

  • aim.exe
  • firefox.exe
  • icq.exe
  • iexplore.exe
  • msnmsgr.exe
  • MySpaceIM.exe
  • Safari.exe
  • taskmgr.exe
  • Xfire.exe
  • YahooMessenger.exe

The worm hides its running process.


Please enable Javascript to ensure correct displaying of this content and refresh this page.