Pattern JUL-AUGQ

51 samples (WinXP (65%), Win2K-f (35%))


Ports
Infection:
445 (88%)

Listen:
135 (39%)
500 (39%)
1026 (39%)

Egg-download:
445 (69%)
1032 (33%)
1028 (29%)
Filenames
Processes:
MSMSGS.EXE (69%)
random 5/6/7/8/9 character filename

Executables:
ftpupd.exe (48%)
index.dat (41%)
o (31%)
random 8 character filename
Registry keys
...Microsoft\Wireless (58%)
...CurrentVersion\RunServices (38%)

Snort IDs
1:5001684 (78%)
1:2001683 (67%)
1:2000032 (51%)
1:2466 (51%)
555:5555005 (51%)
1:99913 (45%)

Network chatter
FTP
server=- (67%)
pass=1 (61%)
user=1 (45%)
exec=resource32w.exe (36%)
pass=a (36%)
user=a (33%)
Static analysis
MD5:
7d99b0... (16%)
2aa59b... (14%)
04af72... (6%)
0a0261... (6%)
7fdfe3... (6%)
97ac56... (6%)

Antivirus labels:
sdbot (59%)
linkbot (48%)
rbot (43%)
poebot (37%)
korgo (30%)
lsabot (30%)

Domain:
SOFTWARE\Classes\Applicat... (100%)
paypal.com (100%)
..έ..Π..Z..\ΠΡΡΡΡ..ΠΡΡX... (43%)