Cow X Downloader 2007.06.18

Cow X Downloader 2007.06.18
(Trojan.Win32.Genome.gpa)
(Worm.Win32.AutoRun.dbq for autorun.inf)
(Worm.Win32.AutoRun.dbq for autorun.inf)

by xia-zai-zhe

Released in June 2007

Made in China

more versions


Server:
dropped files:
c:\autorun.inf                     Size: 159 bytes 
c:\lcg.exe                         Size: 25,600 bytes 
c:\WINDOWS\system32\Autorun.inf    Size: 159 bytes 
c:\WINDOWS\system32\SVSH0ST.EXE    Size: 25,600 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "svchost"
data: C:\WINDOWS\System32\SVSH0ST.EXE 


tested on Windows XP
July 10, 2007

MegaSecurity