Invitation Card.zip
Invitation Card.zip is a worm that arrives as an attachment to a scam email posing as an invitation to the social networking site Twitter.com. The Invitation Card.zip email reads as follows:
"From: invitations@twitter.com
Subject: Your friend invited you to twitter!"
If you open this Invitation Card.zip attachment, you will end up launching W32.Ackantta.B@mm, a worm that will copy itself to your removable drives and shared folders, in order to spam your other friends. This worm may then download a Trojan onto your PC, such as Trojan Vundo.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %System%\[RANDOM FILE NAME].dll |
| 2 | %System%\javale.exe |
| 3 | %System%\javame1.1.exe |
| 4 | %System%\javawx.exe |
| 5 | Invitation Card.zip |
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey
HKEY_CURRENT_USER\Software\Microsoft\Installer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"javastatio n2.3" = "[RANDOM MONTH]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"ultrasparc 2.3" = "[RANDOM DAY]"
HKEY..\..\..\..{RegistryKeys}
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\"ThreadingModel" = "Both"
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\"(Default)" = "%System%\[RANDOM FILE NAME].dll"
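A read-only check for a subset of the indicators listed above, written as an added PowerShell example (it is not part of the original write-up or of any vendor tool). It covers the three fixed file names, the instkey subkey, the "ultrasparc 2.3" value and the CLSID entry; the variable names and output format are illustrative assumptions.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Nothing is deleted or modified; matches are only reported.

$findings  = New-Object System.Collections.Generic.List[string]
$systemDir = [Environment]::SystemDirectory   # the directory the page calls %System%

# 1. Fixed file names the page lists under %System%
foreach ($name in 'javale.exe', 'javame1.1.exe', 'javawx.exe') {
    $path = Join-Path $systemDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $findings.Add("File present: $path")
    }
}

# 2. Subkey created under HKEY_CURRENT_USER
$instKey = 'HKCU:\SOFTWARE\Microsoft\instkey'
if (Test-Path -LiteralPath $instKey) {
    $findings.Add("Registry key present: $instKey")
}

# 3. Marker value under the Explorer key (the page shows its data as a random day)
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'
$props = Get-ItemProperty -LiteralPath $explorer -ErrorAction SilentlyContinue
if ($props -and ($props.PSObject.Properties.Name -contains 'ultrasparc 2.3')) {
    $findings.Add("Registry value present: $explorer\ultrasparc 2.3 = $($props.'ultrasparc 2.3')")
}

# 4. COM class registration that points at the randomly named DLL
$clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32'
$inproc = Get-Item -LiteralPath $clsid -ErrorAction SilentlyContinue
if ($inproc) {
    $dll = $inproc.GetValue('')               # empty name reads the (Default) value
    $findings.Add("CLSID registered: InprocServer32 (Default) = $dll")
    if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
        # Record the hash so the random-named DLL can be tracked across hosts
        $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
        $findings.Add("DLL on disk: $dll SHA256=$hash")
    }
}

if ($findings.Count -eq 0) {
    'No listed indicators found for the current user on this host.'
} else {
    $findings
}
```

The HKEY_CURRENT_USER checks only see the hive of the account running the script, so run it in the affected user's session.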