Home Malware Programs Worms Falsu

Falsu

Posted: March 28, 2006

Falsu is a worm that spreads through the Kazaa file sharing network and IRC chat channels using the mIRC client.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 command.pif
    2 command.scr
    3 commando.exe
    4 my_sister_nude.exe
    5 srvwin.scr
    6 winexec.exe
    7 winsys.exe
    8 winupdate.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareKAZAAResultsFilterfirewall_filter=0HKEY_CURRENT_USERSoftwareKAZAAResultsFiltervirus_filter=0HKEY_CURRENT_USERSoftwareKazaaLocalContentDisableSharing=0HKEY_CURRENT_USERSoftwareKazaaLocalContentdir0=012345:%Windir%SharedHKEY_CURRENT_USERSoftwareKazaaLocalContentdir1=012345:%Windir%SharedHKEY_CURRENT_USERSoftwareKazaaLocalContentdir2=012345:%Windir%SharedHKEY_CURRENT_USERSoftwareKazaaLocalContentdir3=012345:%Windir%SharedHKEY_CURRENT_USERSoftwareKazaaLocalContentdir4=012345:%Windir%SharedHKEY_CURRENT_USERSoftwareKazaaLocalContentdir5=012345:C:HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunwinexec
Loading...