SymbOS.Worm.Keaf.A
VERY LOW
VERY LOW
4036
(SMS-Worm:SymbOS/Feak)
Symptoms
Presence of \system\apps\feakk.exe and/or \system\recogs\feakk.mdl (usually on drive C:)
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Alexandru Maximciuc, virus researcher
Technical Description:
The worm has 2 components:
\system\apps\feakk.exe
\system\recogs\feakk.mdl.
The .mdl file is set to start the .exe file on system startup.
Once installed and started, it looks in contact list for a contact named HACKME. If it succeeds, it starts it's worm behavior: sends SMSs to all the contacts in the list. The format of SMS messages is:
hey check this link out http://www.cs.ucsb.edu/%7efeakk/feakk.zip bye!
The zip doesn't reside on that link anymore.
SHARE
THIS ON