Pattern AUG-SEP-K

81 samples (WinXP (81%))

Ports
Infection Listen Egg-download
445 (40%)
135 (22%)
1034 (16%)
139 (12%) 9996 (40%) 445 (44%)
9996 (33%)

Filenames
Processes Executables
MSMSGS.EXE (81%)

random 7/8
character filename index.dat (72%)
avserve2.exe (25%)
ftpupd.exe (25%)

random 7/8
character filename

Registry keys
...Microsoft\Wireless (48%)
full list

Snort IDs
1:99913 (79%)
1:2466 (58%)
1:5001684 (57%)
1:2001683 (48%)
555:5555005 (47%)
1:2001569 (37%)
full list

Network chatter
FTP
user=anonymous (50%)
pass=bin (46%)
server=OK (40%)
pass=1 (35%)
user=1 (31%)

Static analysis
MD5 Antivirus labels
None (22%)
1a2c0e... (11%)
7d99b0... (11%)
831f4e... (9%)
2aa59b... (7%)
full list
jobaka (33%)
korgo (27%)
lsabot (27%)
padobot (27%)
poebot (27%)
rbot (23%)