Pattern JULYG

109 samples (WinXP (52%), Win2K-f (48%))


Ports
Infection
445 (100%)
Listen
135 (85%)
500 (85%)
1026 (85%)
Egg-download
445 (97%)
68 (47%)
73 (46%)
Filenames
Processes / Executables
MSMSGS.EXE (70%)

random 10 character filename
o (100%)
index.dat (88%)
windservc.exe (28%)
Registry keys
...CurrentVersion\RunServices (100%)
...CurrentVersion\Run (36%)
...InternetSettings\5.0 (36%)

Snort IDs
1:1390 (100%)
1:2001944 (100%)
1:99998 (100%)
1:3003 (99%)
1:3000006 (97%)
1:2001683 (94%)

Network chatter
FTP
pass=1 (100%)
user=1 (100%)
server=StnyFtpd 0wns j0 (94%)
Static analysis
MD5
None (55%)
d40063... (9%)
c4709f... (8%)
fc3e35... (6%)
Antivirus labels
sdbot (94%)
rbot (90%)
vipre (90%)
dnascan (71%)
spybot (71%)
mybot (63%)