A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #2743  by xhandsome
 Mon Sep 13, 2010 8:46 am
On Aug 21, we (Kaspersky Lab) detected a new instant messenger worm that spreads through almost all well-known IM programs, including Skype, GTalk, Yahoo Messenger and Live MSN Messenger. The name of the threat is “IM-Worm.Win32.Zeroll.a”.
Does anyone have the sample?
 #9404  by korczyn
 Tue Oct 25, 2011 3:27 pm
Hi,

I'd like to ask about your experience with IM-Worm.Win32.Zeroll.b.
I'm trying to find some common spreading features of viruses replicating themselves via Skype chat (sending automatic messages with malicious links). I've already tested Skipi and now I was trying with IM-Worm.Win32.Zeroll.b that was posted by PX5, but the problem is I can't observe the "spreading process" in Skype...

I'm using Windows Professional in my VirtualBox, with Skype v. 3.6.0.244 and I have created some users in my Skype buddy list but the virus is not active...
Any suggestions?

thanks,
korczyn
 #9417  by korczyn
 Wed Oct 26, 2011 3:34 pm
After deeper analysis I noticed the program is trying to connect to non-existent old IP addresses...
Maybe someone has a newer version?

e.g. IM-Worm.Win32.Zeroll.g
http://www.threatexpert.com/report.aspx ... 5686f02d90
88930B337F482EB19987725686F02D90

IM-Worm.Win32.Zeroll.r
http://www.threatexpert.com/report.aspx ... 5bdda5a5d2
062BB5D0411D9B9644C8625BDDA5A5D2

IM-Worm.Win32.Zeroll.t
http://www.threatexpert.com/report.aspx ... 1ba40f49dc
4F7E0E15C0E683D99CBFBE1BA40F49DC

thanks,
korczyn