Pattern AUG-SEP-C

915 samples (WinXP (56%)
Win2K-f (44%))

Ports
Infection Listen Egg-download
445 (83%)
139 (17%) 113 (63%)
135 (55%)
500 (55%)
1026 (55%) 445 (82%)
68 (40%)
74 (29%)

Filenames
Processes Executables
MSMSGS.EXE (60%)

random 8/9/10
character filename o (97%)
index.dat (27%)

Registry keys
...CurrentVersion\RunServices (100%)
...InternetSettings\5.0 (42%)
...Microsoft\OLE (38%)
...CurrentVersion\Run (26%)
full list

Snort IDs
1:1390 (100%)
1:99998 (100%)
1:5001684 (93%)
1:2001683 (87%)
1:2001944 (83%)
1:3000006 (82%)
full list

Network chatter
FTP
user=1 (100%)
pass=1 (100%)
server=StnyFtpd 0wns j0 (66%)

Static analysis
MD5 Antivirus labels Domain
None (15%) vipre (84%)
sdbot (70%)
sheur (42%)
rbot (41%)
heur (37%)
spybot (35%)
full list
*@admin.com (98%)
paypal.com (79%)
PAYPAL.COM (77%)
de.yahoo.com (77%)
nitro.ucsc.edu (77%)
reconnect.in (77%)
full list