Windows worm numbers 'skyrocket'
Jan 19, 2009, 19:04 (32 Talkback[s])
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"According to Microsoft, the worm works by searching for a
Windows executable file called "services.exe" and then becomes part
of that code.
"It then copies itself into the Windows system folder as a
random file of a type known as a "dll". It gives itself a 5-8
character name, such as piftoc.dll, and then modifies the Registry,
which lists key Windows settings, to run the infected dll file as a
Funny how the elderly Unix system of file permissions and
ownership foils this sort of attack quite neatly. Oh wait I forgot,
malware authors only attack The Most Popular OS--ed.