BetaONE will rise again!


13th May 03, 07:15 AM
Kawadevil
Thanks Billybob,

Found this @ NAI.com http://vil.nai.com/vil/content/v_100295.htm

The minimum engine for detection of this threat is the 4.1.60 engine, however to remove it the 4.2.40 engine is required. AVERT recommend ALL users (Enterprise and Consumer) update to the 4.2.40 engine immediately to stay protected from this threat.

This mass-mailing worm has many components and an internal timer to trigger different processes at different times. These include:

Mass-mailing itself to addresses gathered from different places:
    Outlook Contacts list
    Windows Address Book (WAB)
    Addresses found on the local system
    Randomly manufactured addresses
IRC bot (Internet Relay Chat)
AIM bot (AOL Instant Messenger)
Keylogger
KaZaa worm
HTTP server
Remote access server
Self-updating mechanism
Anti-virus software termination

The worm contains its own SMTP engine and uses the default SMTP server as specified in the Internet Account Manager registry settings. It can also use any one of several hundred different external SMTP servers.
The worm arrives as an email attachment in various messages. The from address can be forged such that the apparent sender is not the actual sender. Message body and subject lines vary, as do attachment names. Attachments use standard executable extensions (.com, .exe, .pif, .scr). Such as:


Subject: why?
Body: The peace
Attachment: desktop.scr

Subject: Re: You might not appreciate this...
Body: lautlach
Attachment: service.scr

Subject: Re: how are you?
Body: I sent this program (Sparky) from anonymous places on the net
Attachment: Jesse20.exe

Subject: Fwd: Mariss995
Body: There is only one good, knowledge, and one evil, ignorance.
Attachment: Mariss995.exe

Subject: Re: The way I feel - Remy Shand
Body: Nein
Attachment: Jordan6.pif
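A mail-gateway check for the attachment extensions listed in the post above (.com, .exe, .pif, .scr), as an added example that is not part of the original post or the NAI write-up. The function names, the example.com addresses and the inert attachment bytes are constructed for illustration; the check keys on the attachment file name only, because the post notes that subjects, bodies and From addresses vary.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the advisory lists for this worm's attachments.
BLOCKED_EXTENSIONS = {".com", ".exe", ".pif", ".scr"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the file names of parts whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2047 / RFC 2231 names
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "a.scr." still runs.
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test message; the attachment payload is inert filler bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"   # constructed; the real From may be forged
    msg["To"] = "recipient@example.com"  # constructed
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"inert sample bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("why?", "The peace", "desktop.scr"),
        ("Fwd: Mariss995", "There is only one good, knowledge, and one evil, ignorance.", "Mariss995.exe"),
        ("Quarterly report", "See attached.", "report.pdf"),  # constructed benign case
    ]
    for subject, body, filename in samples:
        hits = blocked_attachments(build_sample(subject, body, filename))
        print(f"{subject!r}: {'QUARANTINE ' + str(hits) if hits else 'deliver'}")
```

Only the final extension is compared, so a name such as `report.pdf.exe` is still flagged while `report.pdf` is delivered.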