The code is developed in Visual Basic 6.0 and contains numerous anti-VM tricks directed against VMware, Sandboxie, Virtual Box, etc.
The malicious code downloaded then (space hospitalized by CSIS): http://www.offi
sense.co.il / lang / b.exe
Whereupon the following file is attempted copied to the system:
c: users [% user profile%] m-1-52-5782-8752-5245winsvc.exe
The worm carries a cocktail of malware onto your machine, including a Zbot / ZeuS variant which is a serious threat and stealing sensitive information from the infected machine.
The worm has already captured a large number of domains from which it spreads active (space hospitalized by CSIS)