| Name: | Shorm |
| Aliases: | W32/Shorm, Worm.Shorm, SharedWorm, |
| Ports: | |
| Files: | MSTASK.EXE - MSGSRV16.EXE - TAPI32.EXE - Avpmonitor.exe -Win.exe - - 20,480 bytes |
| Created: | |
| Requires: | |
| Actions: | Worm / Steals passwords / Network trojan |
| Propagates to all shared disks. Autostarts using Windows Startup directory. Passwords and users names are mailed to two addresses in Russia. The .exe file is compressed using ASPack. It connects to a Web page in Russia, both to receive IP addresses to scan and to update itself. | |
| Versions: | 1.2, |
| Registers: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ |
| Notes: | Works on Windows. |
| Country: | written in Russia |
| Program: | Written in Delphi. |