New mass mailing virus



F-Secure has information on a fairly aggressive new email virus. Their name for it is VB.bi, although its aliases are W32.Blackmal.E@mm, WORM_GREW.A, W32/Nyxem-D and Email-Worm.Win32.VB.bi, depending on which AV vendor you check with. It is also a worm, in that it tries to spread through remote shares, and it attempts to disable antivirus software. Here are some details from their writeup:


The e-mail subject is one of the following:

The Best Videoclip Ever
School girl fantasies gone bad
A Great Video
Fuckin Kama Sutra pics
Arab sex DSC-00465.jpg
give me a kiss
*Hot Movie*
Fw: Funny :)
Fwd: Photo
Fwd: image.jpg
Fw: Sexy
Re:
Fw:
Part 1 of 6 Video clipe
You Must View This Videoclip!
Miss Lebanon 2006
Re: Sex Video
My photos

The message body may be one of the following:

Note: forwarded message attached.
Hot XXX Yahoo Groups
Fuckin Kama Sutra pics
ready to be FUCKED ;)
Note: forwarded message attached.
forwarded message attached.
VIDEOS! FREE! (US$ 0,00)
i attached the details. Thank you.
>> forwarded message
----- forwarded message -----
i just any one see my photos. It’s Free :)

The worm can attach itself as an executable file. It uses one of the following names for the attachment:

007.pif
School.pif
04.pif
photo.pif
DSC-00465.Pif
image04.pif
677.pif
New_Document_file.pif
eBook.PIF
document.pif
DSC-00465.pIf

Sometimes, the worm MIME-encodes the file. In these cases, the attachment name can be
one of the following:

Attachments[001].B64
3.92315089702606E02.UUE
SeX.mim
Original Message.B64
WinZip.BHX
eBook.Uu
Word_Document.hqx
Word_Document.uu

The filename inside MIME-encoding is one of the following:

Attachments[001].B64 [spaces] .sCR
3.92315089702606E02.UUE [spaces] .sCR
SeX,zip [spaces] .sCR
WinZip.zip [spaces] .sCR
ATT01.zip [spaces] .sCR
WinZip.zip [spaces] .sCR
Word.zip [spaces] .sCR
Word XP.zip [spaces] .sCR

Spreading in shared folders

The worm searches for remote shared folders and tries to copy itself using one of the following filenames:

Admin$\WINZIP_TMP.exe
c$\WINZIP_TMP.exe
c$\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.exe

Symantec has a removal tool here
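
A mail-gateway style check for the attachment names listed above, as an added example that is not from the F-Secure writeup or this post. The function names, reason labels and sample message are hypothetical, and "[spaces]" is assumed to mean a run of two or more whitespace characters.

```python
import re
from email import message_from_string

# Extensions from the lists above; compared case-insensitively (.Pif, .pIf, .sCR).
EXECUTABLE_EXT = {"pif", "scr"}
ENCODED_EXT = {"b64", "uue", "uu", "mim", "bhx", "hqx"}
# Assumption: "[spaces]" means a run of two or more whitespace characters.
PADDED = re.compile(r"\s{2,}\.\w+$")

def classify_filename(name):
    """Return the reasons a filename resembles this worm's attachments."""
    reasons = []
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in EXECUTABLE_EXT:
        reasons.append("executable-extension")
    if ext in ENCODED_EXT:
        reasons.append("encoded-container")
    if PADDED.search(name):
        reasons.append("space-padded-extension")
    return reasons

def scan_message(raw):
    """Map each suspicious attachment filename in a raw message to its reasons."""
    hits = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        reasons = classify_filename(name) if name else []
        if reasons:
            hits[name] = reasons
    return hits

# Constructed sample message, not a captured one; the payload is a placeholder.
SAMPLE = """\
Subject: Fwd: Photo
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

forwarded message attached.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="DSC-00465.pIf"

placeholder
--XX--
"""
if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

`classify_filename` can also be applied to the inner filename once a B64/UUE container has been decoded, which is where the space-padded `.sCR` names appear.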
