Variants: Win32/Neeris.gen!C

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 12 Sep 2007
Damage: Medium

Characteristics: W32.Neeris spreads through Windows Live Messenger, MSN Messenger, and Windows Messenger. It affects all Windows platforms, namely Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. MSN Messenger has to be installed in order for the worm to propagate. It uses instant messaging applications on the compromised computer to send and spread itself. It also opens a backdoor on the compromised computer, and it may download and execute potentially malicious files as well as steal sensitive information.

More details about W32.Neeris

The worm opens a backdoor on the compromised computer that allows a remote attacker to show the server list, change the server, create processes, list processes, list threads, end processes, update the worm, download and execute potentially malicious files, show the login list, show the bot version, steal sensitive information, and show the worm status. This backdoor capability steals private or confidential files or data from the compromised computer. It can also be destructive, since it can download further malware onto the compromised computer. The stolen information may end up on the black market. Confidential email messages, usernames and passwords can also be sold on the Internet. Furthermore, files downloaded from an untrusted site should always be quarantined or checked before execution.

File creation is also one of the characteristics of this worm. Once executed, the worm creates a file named “lsass.exe”. Once this file is present on the compromised computer, the worm checks whether instant messaging applications are running. If it finds one, the worm automatically sends these messages to all contacts listed in the client:

“hT je vais mettre cette image de nous sur mon myspace :>”
“le lol se rappellent quand vous aviez l'habitude d'avoir vos cheveux comme ceci”
“hT veux tu voir mes image de vacance??”
“j'ai fais pour toi ce photo album tu dois le voire :p”
“haha vous devriez rendre ceci votre dTfaut pic sur le myspace ou quelque chose :D”
“mes photos chaudes :D”
“dTfaut de la reproduction sonore ! regard a cette vieille image que j'ai trouvTe : |”
“ehi metter= quest'immagine di noi sul mio myspace :>”
“ehi aggiunger= quest'immagine di noi al mio weblog”
“jaja lei dovrebbe fare quest'il suo pic predefinito sul myspace o qualcosa :Dmetta questi fotos in suo pagina myspace”
“Qui sono il fotos di ci”
“Caricher= questa foto al mio myspace adesso”
“Io ricordo quando abbiamo portato questa foto”
“Per favore nessuno lasciare vede le nostre foto”
“he werde ich diese Abbildung von uns auf mein myspace setzen”
“lol erinnern sich, an als Sie pflegten, Ihr Haar so zu haben”
“he werde ich diese Abbildung von uns meinem weblog hinzufngen”
“Haha sollten Sie dieses Ihre Rnckstellung auf myspace oder etwas pic bilden:D”
“he ich zeige Ihnen diese Abbildung von mir nberhaupt?”
“Wimmern! Blick auf diese alte Abbildung, die ich: fand”
“m?hten den pics von meinen Ferien sehen?”
“Here are my private pictures for you”
“hey i'm going to add this picture of us to my weblog”
“My friend took nice photos of me.you Should see em loL!”
“lol remember when you used to have your hair like this”
“Nice new photos of me and my friends and stuff and when i was young lol...”
“wanna see the pics from my vacation? :>”
“Check out my nice photo album. :D”
“Hey i zet deze foto van ons even op mijn myspace”
“lol ik kan me nog herrinnere”
“haha you moet die je standaard foto maken op hyves of myspace”
“he heb je ooit deze foto laten zien ?”
“wow! moet je eens kijken welke foto ik nu gevonden heb”
“wil je fotos zien van mijn vakantie”
“oye voy a poner esa foto de nosotros en mi myspace :->”
“jaja recuerda cuando tuviste el pelo asi”
“oye voy a agregar esa foto a mi blog ya”
“jaja debes poner esa foto como foto principal en tu myspace o algo :D”
“hola esas son las fotos”
“esa foto de tu y yo la voy a poner en myspace”
“voy a poner esa foto de nosotros en mi blog ya”
“oye ponga esa foto en tu myspace como la foto principal”
“jajaja yo me recuerdo cuando tuvistes el pelo asi”
“ay no ese pelo fue lo mas chistoso...q estabas pensando”

Aside from sending the messages to all contacts, it also sends a copy of the message in its own application. Files created and/or copied are saved in Windows directory folders.
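
A defender-side check built on the “lsass.exe” file name described above, as an added example that is not part of the original write-up: the genuine Windows lsass.exe runs from the System32 directory, so a file or process image with that name anywhere else is worth triaging. The system root C:\Windows, the record layout and the sample process records are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: the system root is C:\Windows; change it for the host being checked.
SYSTEM_ROOT = r"C:\Windows"
LEGIT_LSASS = ntpath.normcase(ntpath.join(SYSTEM_ROOT, "System32", "lsass.exe"))


def normalize(image_path, system_root=SYSTEM_ROOT):
    """Expand a leading %SystemRoot%/%windir%, collapse '..', fold case and slashes."""
    path = image_path.strip().strip('"')
    for var in ("%systemroot%", "%windir%"):
        if path.lower().startswith(var):
            path = system_root + path[len(var):]
    return ntpath.normcase(ntpath.normpath(path))


def is_masquerading_lsass(image_path):
    """True when the file is named lsass.exe but is not the System32 binary."""
    path = normalize(image_path)
    return ntpath.basename(path) == "lsass.exe" and path != LEGIT_LSASS


def find_suspects(records):
    """records: iterable of (host, pid, image_path); returns the flagged ones."""
    return [r for r in records if is_masquerading_lsass(r[2])]


# Constructed sample process records (host, pid, image path), not real telemetry.
SAMPLE_RECORDS = [
    ("WS-01", 612, r"C:\Windows\System32\lsass.exe"),
    ("WS-01", 3140, r"C:\Windows\lsass.exe"),
    ("WS-02", 588, r"%SystemRoot%\system32\LSASS.EXE"),
    ("WS-02", 2276, r"C:/Windows/System32/../Temp/lsass.exe"),
    ("WS-03", 1904, r"C:\Windows\System32\svchost.exe"),
]

if __name__ == "__main__":
    for host, pid, image in find_suspects(SAMPLE_RECORDS):
        print(f"{host} pid={pid} suspicious lsass.exe at {image}")
```

Feed it image paths from a process listing or from process-creation logs; a hit is a triage lead, not a verdict, and should be followed by a scan of the flagged file.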