
Worm news 28.2.04


ThaWild

W32/Netsky.c@MM

 

A new variant of last week's Netsky virus, W32/Netsky.c@MM is a Medium Risk mass-mailing worm that also copies itself to folders named "share" or "sharing" on an infected system. It spreads by stealing email addresses, spoofing or forging the "from: field". Like its earlier counterpart, the worm tries to deactivate the W32/Mydoom.a@MM and W32/Mydoom.b@MM viruses on the host computer.

Upon infection, W32/Netsky.c@MM will also spread via P2P programs like KaZaa, Bearshare and Limewire that use shared folder names containing the words "share" or "sharing".

Note: The attachment may be either a ZIP file (with the worm) or an executable, with a single (.doc, .htm, .rtm, .text) or double file extension (.com, .exe, .pif, .scr). Filenames that are carried within the worm include:

# 3D Studio Max 3dsmax.exe

# Adobe Photoshop 9 full.exe

# Adobe Premiere 9.exe

# Ahead Nero 7.exe

# Best Matrix Screensaver.scr

Caution: An infected email can come from addresses you recognize.

 

W32/Bagle.c@MM

 

W32/Bagle.c@MM is a Medium Risk mass-mailing worm with a potentially dangerous remote access component that may open a backdoor on an infected computer to hackers. Unlike variant W32/Bagle.b@MM, W32/Bagle.c@MM arrives as a .ZIP attachment.

When run, the virus emails itself to addresses it steals from the infected computer, spoofing the "from: field" with one of the harvested addresses. The virus does not mass-mail itself to addresses that contain @avp., @hotmail.com, @microsoft, @msn.com, local, noreply, postmaster@, and root@.

NOTE: W32/Bagle.c@MM contains a remote access component that attempts to notify the hacker that the infected system is ready to accept commands. The functionality this backdoor provides to the hacker is currently under investigation.

Like its predecessors, this worm checks the system date. If it is March 14, 2004 or later, the worm simply exits and does not propagate. The virus also attempts to terminate the process of several security programs.

Caution: An infected email can come from addresses you recognize.

What to look for:

 

From: Varies. Address may be forged

Subject: Varies.

Body: Message body is empty.

Attachment: Randomly named binary within a .ZIP file (~16KB).

 

Gr³³z

Stefan
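
A mail-gateway style check for the attachment traits listed in the post above, as an added example that is not part of the original post or of any vendor tool. The function names are hypothetical, the sample messages are constructed with placeholder content, and treating the "randomly named binary" inside the ZIP as one carrying a .com/.exe/.pif/.scr extension is an assumption.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = {".com", ".exe", ".pif", ".scr"}    # second extensions named in the post
DECOY_EXTS = {".doc", ".htm", ".rtm", ".text"}  # first extensions, spelled as in the post

def exts(name):
    """Last two extensions of a filename, lower-cased: 'a.doc.pif' -> ['.doc', '.pif']."""
    return ["." + p for p in name.lower().rsplit(".", 2)[1:]]

def triage(raw):
    """Return a list of findings for one raw e-mail message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_empty = body is None or not body.get_content().strip()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        e = exts(name)
        # Document-looking name that really ends in an executable extension.
        if len(e) == 2 and e[0] in DECOY_EXTS and e[1] in EXEC_EXTS:
            findings.append("double-extension:" + name)
        if e[-1:] == [".zip"]:
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    inner = [n for n in zf.namelist() if set(exts(n)[-1:]) & EXEC_EXTS]
            except zipfile.BadZipFile:
                findings.append("unreadable-zip:" + name)
                continue
            if inner:
                findings.append("zip-with-executable:" + name)
                if body_empty:  # empty body plus ZIP, as in "What to look for"
                    findings.append("empty-body-plus-zip:" + name)
    return findings

def sample(body, filename, payload):
    """Constructed test message with placeholder content, not a real worm sample."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "test"
    m.set_content(body)
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

def placeholder_zip(inner_name):
    """Build an in-memory ZIP holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"placeholder bytes, not code")
    return buf.getvalue()
```

The From header is never consulted, since both advisories say it may be forged.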
