Win32/Delf.SSE [Threat Name] go to Threat

Win32/Delf.SSE [Threat Variant Name]

Category trojan,worm
Size 155648 B
Detection created Apr 22, 2015
Detection database version 11516
Aliases IM-Worm.Win32.Delf.f (Kaspersky)
Short description

Win32/Delf.SSE is a worm that spreads via IM networks.

Installation

The worm does not create any copies of itself.


In order to be executed on every system start, the worm sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "msnmsgr" = "%malwarefilepath%"

The worm may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion]
    • (Default) = ""
Spreading

Win32/Delf.SSE is a worm that spreads via IM networks.


The worm sends links to MSN Messenger, Skype users.


The messages may contain any of the following texts:

  • Poxa!! nunca pensei que vc teria coragem de fazer isso comigo. or que colocou minhas fotos nesse site. eu nao mereco isso!! Site: http://fotos1901.%removed%.com  Agora vem me dizer que nao.

The message contains a URL link to a website containing malware.


If the link is clicked this results in the execution of the downloaded data.

Other information

The worm creates the following files:

  • %system%\­expira.log

Please enable Javascript to ensure correct displaying of this content and refresh this page.