Pattern JUL-AUGG

114 samples (WinXP (52%), Win2K-f (48%))


Ports
Infection
445 (100%)

Listen
135 (85%)
500 (85%)
1026 (85%)

Egg-download
445 (97%)
68 (46%)
73 (44%)

Filenames
Processes
MSMSGS.EXE (69%)

random 10 character filename

Executables
o (100%)
index.dat (86%)
windservc.exe (27%)

Registry keys
...CurrentVersion\RunServices (100%)
...CurrentVersion\Run (38%)
...InternetSettings\5.0 (38%)


Snort IDs
1:1390 (100%)
1:2001944 (100%)
1:99998 (100%)
1:3003 (99%)
1:3000006 (97%)
1:2001683 (94%)


Network chatter
FTP
pass=1 (100%)
user=1 (100%)
server=StnyFtpd 0wns j0 (95%)
Static analysis
MD5
None (54%)
d40063... (9%)
c4709f... (8%)
fc3e35... (7%)

Antivirus labels
sdbot (94%)
rbot (90%)
vipre (90%)
spybot (71%)
dnascan (69%)
mybot (62%)
