Pattern B

1048 samples (always WinXP)


Ports
Infection / Egg-download / Upload
always 445
1031 (100%)
445 (99%)
1031 (94%)
Filenames
Processes:
MSMSGS.EXE (100%)
random 5/6/7/8 character filename
Executables:
ftpupd.exe (100%)
random 5/6/7/8 character filename
Registry keys
HKEY_LOCAL_MACHINE@...Microsoft\Wireless (99%)
Snort IDs
1:2000032 (100%)
1:99913 (100%)
1:2001683 (99%)
555:5555005 (99%)
1:2001569 (99%)
1:2000033 (98%)
1:2466 (98%)
1:3000003 (94%)
1:3000000 (94%)
Static analysis
MD5:
7d99b0e9108065ad5700a899a1fe3441 (36%)
7f60162c2c0bd2cc7531e51328e98290 (18%)
3ae357d17b1d2e0174bf477c28422c29 (8%)
986b59708d2ca33f4c1ad682a5d7a673 (6%)
Antivirus labels:
korgo (97%)
padobot (97%)
lsabot (79%)
ircbot (24%)
sdbot (24%)