$_SERVER["REMOTE_ADDR"] = preg_replace('/.*,\s*/','', $_SERVER["HTTP_X_FORWARDED_FOR"]);
Notice: Undefined index: related in /data/www/spywareguide/product_show.php on line 49
Notice: Undefined variable: incprefix in /data/www/spywareguide/product_show.php on line 241
Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.
Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
This infection comes from a .COM file, which is launched from a rogue webpage (Lamanweb. com) when the user visits it using IE. When run, files are then dropped in the infected PC's TEMP Folder and in a folder called YSND (hidden from view by default). The infection is twofold - first, a rogue browsing application called "Power Browser" / "Safety Browser" is installed with no uninstall facility. It also changes your homepage to Demoplanet.tv in IE, though this sometimes randomly changes to the Lamanweb website.
Music is also played on the infected PC each time it boots up.
The Ysnd file recieves commands from an additional file on the PC to pass the Lamanweb link via Yahoo IM. This appears to be a re-worked and updated version of an older, existing piece of malware.