Pattern JULYE

168 samples (Win2K-f (61%), WinXP (39%))


Ports
Infection | Listen | Egg-download | Upload
445 (100%)
44445 (100%)
135 (60%)
500 (60%)
1026 (60%)
68 (57%)
73 (36%)
44445 (100%)
Filenames
Processes | Executables
MSMSGS.EXE (47%)

random 9 character filename
index.dat (62%)
resource32w.exe (59%)
Abort (32%)
Registry keys
...CurrentVersion\RunServices (100%)
...Microsoft\OLE (99%)
...InternetSettings\5.0 (62%)
...InternetSettings\Connections (62%)

Snort IDs
1:2000032 (100%)
1:2466 (100%)
1:3000004 (100%)
1:5001684 (98%)
1:2001683 (95%)
555:5555005 (71%)

Network chatter
FTP
exec=resource32w.exe (99%)
pass=a (98%)
user=a (98%)
server=WinFtpd 1.2 (93%)
Static analysis
MD5 | Antivirus labels | Domain
7fdfe3... (61%)
None (28%)

sdbot (99%)
spybot (97%)
rbot (97%)
mybot (92%)
sdbo (88%)
*@celestial.org (100%)