Search:       

Sunday, 12 October 2008       

Worm.P2P.Relmony. Spyware/Adware Definition


Name: Worm.P2P.Relmony.
Category: Viruses
Description: Details
Worm.P2P.Relmony.a

Relmony is an Internet worm that spreads in the Kazaa and Morpheus peer-to-peer file exchange networks. The Relmony worm replicates by copying itself into the "shared folders" on victim client machines which comprise these networks.
The Relmony worm is a Windows application (PE EXE file) about 29KB in size. It is written in Visual Basic.
Installation
Relmony copies itself to the Windows auto-startup directories with the following names (shown at the end of each string):
C:WINNTsystem32configsystemprofileStartMenuProgramsStartupsystem.exe
C:Documents and SettingsAll UsersStart MenuProgramsStartupsystem.exe
C:WINDOWSStart MenuProgramsStartupsystem.exe
Replication
Relmony copies itself to P2P directories under the following names:
Note 1 - there is a typo for the spelling of the Morpheus network name
C:Program FilesKaZaAMy Shared Folderfree_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy-music-movie-sum-of-fears.exe
C:Program FilesKaZaAMy Shared Folderfree_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy-music-movie-sum-of-fears_3.exe
C:Program FilesKaZaAMy Shared Folderfree_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy-music-movie-sum-of-fears_.exe
C:Program FilesKaZaAMy Shared Folderfree_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy-music-movie-sum-of-fears_4.exe
C:Program FilesMorpeusMy SharedFolderfree_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy-music-movie-sum-of-fears.exe
C:Program FilesMorpeusMy Shared Folderfree_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy-music-movie-sum-of-fears_2.exe
C:Program FilesMorpeusMy Shared Folderfree_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy-music-movie-sum-of-fears_.exe
C:Program FilesMorpeusMy Shared Folderfree_hot_porn_for_sale_pussy_hot-sex-butt-black-young-kiddy-music-movie-sum-of-fears_4.exe

Other
After being installed the Relmony worm creates a window with the following text appearing:

This window slowly moves from the top-left desktop corner to the bottom-right.
***Clicking on this window and the worm runs the join.php script from the http://www.ignifuge.com/getpaid server.
The Relmony worm then creates a small blue button in top left desktop corner with the word Money written on it. ***Clicking on this button runs the same PHP-script (join.php> from the same server.
The button - Money


Top Viruses Visited Pages:
Parity.44
Pathhunt.123
Perfume Famil
Permutan.54
Phantasmagori
Pieck.201
Ply.422
PME.Burglar.326
Polifemo Famil
Populizer Famil
Potpis.69
Predator.115
PrintDevil.71
Priv.193
Quake.960.

 

Main Menu
Home
Top Downloads
New Programs
Awards
Submit
Link to us
Spyware Definitions
Viruses Info
Recipes
Jokes
Contact us

Spyware Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially dangerous utilities/tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 



 

 
- Privacy Policy -