Win32/Rodpicom [Threat Name] go to Threat
Win32/Rodpicom.A [Threat Variant Name]
| Category | worm |
| Aliases | Trojan-Dropper.Win32.VB.bwkw (Kaspersky) |
Short description
Win32/Rodpicom.A is a worm that spreads via IM networks.
Installation
The worm does not create any copies of itself.
The worm is usually a part of other malware.
Spreading via IM networks
If Skype is installed on the infected system, the worm sends a message with a URL to all Skype contacts.
The URL points to malicious content related to Win32/Rodpicom.A .
The messages may contain any of the following texts:
- hey is this your skype profile pic? %malwareurl%
- hey est-ce la photo de votre profil skype? %malwareurl%
- hey й essa sua foto de perfil skype? rsrsrsrsrsrsrs %malwareurl%
- hey esta es la foto de perfil skype? %malwareurl%
- hй ez a skype profilfotу? %malwareurl%
- hey is dit uw skype profiel foto? %malwareurl%
- hallo, sag mal ehrlich sind das deine fotos? %malwareurl%
- hey kjo лshtл skype juaj photo profilin? %malwareurl%
- hej det hдr дr din skype-profil foto? %malwareurl%
- hey bu senin skype profil fotografi mi? %malwareurl%
- hej je ovo vas skype profil slika? %malwareurl%
- hej jest to twoja skype zdjecie profilowe? %malwareurl%
- hey и la tua foto del profilo skype? %malwareurl%
- hei dette er din skype profilbilde? %malwareurl%
- hej je to vase skype profil fotku? %malwareurl%
- ey, eto vash skype ris profil'? %malwareurl%
- hej je to vasa skype profil fotku? %malwareurl%
- hey er det din skype profil billede? %malwareurl%
- ni phaph porfil khxng khun skype? %malwareurl%
- hei, zhи shм ni de skype gиrйn ziliаo zhаopiаn ma? %malwareurl%
- hey ini foto skype profil? %malwareurl%
- hey lа anh tieu skype cua ban? %malwareurl%
- hey ito sa iyong skype larawan sa profile? %malwareurl%
If the link is clicked a copy of the worm is downloaded.
Some examples follow.
