Pattern JUL-AUGU

13 samples (WinXP (54%), Win2K-f (46%))


Ports
Infection | Listen | Egg-download | Upload
445 (100%) | 113 (50%) | 445 (54%), 1028 (38%), 1032 (31%) | 44445 (38%), 1032 (31%)
Filenames
Processes | Executables
MSMSGS.EXE (75%) | ftpupd.exe (100%)
Registry keys
...Microsoft\Wireless (75%)

Snort IDs
1:2001683 (100%)
1:5001684 (100%)
1:2000032 (92%)
1:2466 (92%)
1:3000003 (77%)
555:5555005 (77%)

Network chatter
FTP
exec=resource32w.exe (83%)
pass=a (83%)
server=- (83%)
user=a (50%)
Static analysis
MD5 | Antivirus labels | Domain
7c0547... (15%)

bobax (83%)
bobic (67%)
vipre (58%)
korgo (50%)
lsabot (50%)
padobot (50%)

SOFTWARE\Classes\Applicat... (100%)
paypal.com (100%)
