
Virus Encyclopedia


EggDrop.AA

Threat Level: High threat
Damage: Severe
Distribution: Not widespread

Effects 

EggDrop.AA carries out the following actions:

  • It creates a server to which it attempts to connect through IRC channels in order to allow its creator to control the affected computer remotely.
  • It can configure the server in order to receive the following instructions:
    - Start an HTTP proxy server or an FTP server.
    - Recover information about an affected system.
    - Upload and download files via FTP.
    - Change and delete the configuration of the Windows Registry.
    - Search, rename and delete files.
    - Obtain passwords from email services such as Outlook and games like World of Warcraft or Conquer Online, as well as information stored in Internet Explorer.
    - End the indicated processes.
    - Turn off or restart the system.
    - Enable or disable the services that are being run in the affected system.
    - Create or modify user accounts.
    - Execute programs.

Infection strategy 

EggDrop.AA creates a copy of itself in the Windows system directory. This file can have any of the following names, among others:

  • CSCR.EXE
  • FIREWALL.EXE

EggDrop.AA creates the following entry in the Windows Registry:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Network Firewall = %sysdir%\%copy of the worm%
    where %sysdir% is the Windows system directory.

By creating this entry, EggDrop.AA ensures that it is run whenever Windows is started.

Means of transmission 

EggDrop.AA uses the following means to spread:

  • P2P file sharing programs.
  • The instant messaging program MSN Messenger.

Further Details  

EggDrop.AA is 113,664 bytes in size.
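
The following check is an added example, not part of the original entry or Panda Security's tooling. It looks for the Run value and file names listed under "Infection strategy" and compares any file it finds against the size given above. Checking the WOW6432Node and SysWOW64 views is an assumption, made in case the sample is a 32-bit binary on 64-bit Windows.

```powershell
# Added example. Indicators come from this entry; the file names are listed
# "among others", so a clean result is not conclusive.
$ValueName  = 'Windows Network Firewall'
$FileNames  = 'CSCR.EXE', 'FIREWALL.EXE'
$SampleSize = 113664  # bytes, from "Further Details"

# Assumption: on 64-bit Windows a 32-bit binary is redirected to the
# WOW6432Node registry view and to SysWOW64, so both views are checked.
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$SysDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

$findings = @()

# 1. Autostart entry: a value named "Windows Network Firewall" under Run.
foreach ($key in $RunKeys) {
    $run = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($run -and ($run.PSObject.Properties.Name -contains $ValueName)) {
        $findings += [pscustomobject]@{
            Indicator = 'Run value'
            Location  = $key
            Detail    = "$ValueName = $($run.$ValueName)"
        }
    }
}

# 2. Dropped copy: listed file names in the system directory (hidden files included).
foreach ($dir in $SysDirs) {
    foreach ($name in $FileNames) {
        $path = Join-Path $dir $name
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($file) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            $findings += [pscustomobject]@{
                Indicator = 'File name'
                Location  = $path
                Detail    = "size=$($file.Length) sizeMatch=$($file.Length -eq $SampleSize) sha256=$hash"
            }
        }
    }
}

if ($findings.Count) { $findings | Format-List } else {
    'No EggDrop.AA indicators from this entry were found.'
}
```

Run it from a 64-bit PowerShell session (version 4 or later for Get-FileHash). A Run value whose data points at a file the second check did not list is still worth examining, since the copy can use other names.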