New mass mailing virus
F-Secure has information on a fairly aggressive new email virus. Their name for it is VB.bi, although its aliases include W32.Blackmal.E@mm, WORM_GREW.A, W32/Nyxem-D and Email-Worm.Win32.VB.bi, depending on which AV vendor you check with. It is also a worm, in that it tries to spread through remote shares, and it attempts to disable antivirus software. Here are some details from their writeup:
The e-mail subject is one of the following:
The Best Videoclip Ever
School girl fantasies gone bad
A Great Video
Fuckin Kama Sutra pics
Arab sex DSC-00465.jpg
give me a kiss
*Hot Movie*
Fw: Funny
Fwd: Photo
Fwd: image.jpg
Fw: Sexy
Re:
Fw:
Part 1 of 6 Video clipe
You Must View This Videoclip!
Miss Lebanon 2006
Re: Sex Video
My photos
The message body may be one of the following:
Note: forwarded message attached.
Hot XXX Yahoo Groups
Fuckin Kama Sutra pics
ready to be FUCKED
Note: forwarded message attached.
forwarded message attached.
VIDEOS! FREE! (US$ 0,00)
i attached the details. Thank you.
>> forwarded message
—– forwarded message —–
i just any one see my photos. It’s Free
The worm can attach itself as an executable file. It uses one of the following names for the attachment:
007.pif
School.pif
04.pif
photo.pif
DSC-00465.Pif
image04.pif
677.pif
New_Document_file.pif
eBook.PIF
document.pif
DSC-00465.pIf
Sometimes, the worm MIME-encodes the file. In these cases, the attachment name can be one of the following:
Attachments[001].B64
3.92315089702606E02.UUE
SeX.mim
Original Message.B64
WinZip.BHX
eBook.Uu
Word_Document.hqx
Word_Document.uu
The filename inside MIME-encoding is one of the following:
Attachments[001].B64 [spaces] .sCR
3.92315089702606E02.UUE [spaces] .sCR
SeX,zip [spaces] .sCR
WinZip.zip [spaces] .sCR
ATT01.zip [spaces] .sCR
WinZip.zip [spaces] .sCR
Word.zip [spaces] .sCR
Word XP.zip [spaces] .sCR
Spreading in shared folders
The worm searches for remote shared folders and tries to copy itself using one of the following filenames:
Admin$\WINZIP_TMP.exe
c$\WINZIP_TMP.exe
c$\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.exe
Symantec has a removal tool here
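As an added example (not from the F-Secure writeup or this post), the attachment naming patterns listed above can be checked at a mail gateway: the Python below flags `.pif`/`.scr` names regardless of letter case, the encoded wrapper extensions, and the padded double extension. The function names, the sample message and the choice to read inner names from a uuencode `begin` line are assumptions made for illustration.

```python
import re
from email import message_from_string

# Extensions taken from the attachment lists in the writeup above.
EXEC_EXT = {"pif", "scr"}
WRAPPER_EXT = {"b64", "uue", "mim", "bhx", "uu", "hqx"}
# An earlier extension, optional padding, then the final one ("x.zip    .sCR").
DOUBLE_EXT = re.compile(r"\.\w{2,4}(\s*)\.\w+\s*$")
# Assumption: inner names are read from a uuencode "begin <mode> <name>" line only.
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (.+?)\r?$", re.MULTILINE)

def classify_name(name):
    """Return the reasons one attachment filename looks suspicious."""
    ext = name.rsplit(".", 1)[-1].strip().lower() if "." in name else ""
    reasons = []
    if ext in EXEC_EXT:
        reasons.append("executable-extension")
        m = DOUBLE_EXT.search(name)
        if m:
            reasons.append("padded-double-extension" if m.group(1) else "double-extension")
    if ext in WRAPPER_EXT:
        reasons.append("encoded-wrapper")
    return reasons

def scan_message(raw):
    """Map each flagged attachment name (outer or inner) to its reasons."""
    findings = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        reasons = classify_name(name) if name else []
        if reasons:
            findings[name] = reasons
        if "encoded-wrapper" in reasons:
            body = (part.get_payload(decode=True) or b"").decode("latin-1")
            for inner in UU_BEGIN.findall(body):
                if classify_name(inner):
                    findings[inner] = ["inner:" + r for r in classify_name(inner)]
    return findings

# Constructed sample (not a captured message); the payload is a harmless placeholder.
SAMPLE = (
    'Subject: Fwd: Photo\nMIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    '--XX\nContent-Type: text/plain\n\nNote: forwarded message attached.\n'
    '--XX\nContent-Type: application/octet-stream\n'
    'Content-Disposition: attachment; filename="eBook.Uu"\n\n'
    'begin 644 WinZip.zip      .sCR\nplaceholder\nend\n--XX--\n'
)
if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

Matching on the final extension after lowercasing, rather than on the exact listed filenames, is what catches the mixed-case variants such as `.Pif`, `.pIf` and `.sCR`.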