worm_jantic.b [Archive] - Antionline Forums - Maximum Security for a Connected World

Click to See Complete Forum and Search --> : worm_jantic.b

NullDevice

July 22nd, 2003, 09:02 AM

Email Propagation

To propagate, it sends itself as email attachment to all contacts listed in the Microsoft Outlook address book. It uses any of the following email messages:

Subject: You have a ecard!
Message Body: You have recieved a E-Card! Check your attatchments!
Attachment: attachment.exe

Subject: Technical Support - File you Requested.
Message: Hey, Here is the Attachment you Requested. Please Respond Back. Thanks Technical Support.
Attachment: attachment.exe

Payloads

The worm attempts to delete the following files:

C:\Program Files\Yahoo!\Messenger\*.exe
C:\Windows\*.ini
C:\Windows\System\*.scr
Other Details

This worm is written and compiled in Visual Basic.

Trend Micro page related to it : http://c.moreover.com/click/here.pl?r80922718

sorry und3rtak3r if u already posted abt it

Und3ertak3r

July 23rd, 2003, 03:03 PM

NAh you got me on this one.. .. best I can do is update with this from Sophos (http://www.sophos.com/virusinfo/analyses/w32janticb.html)

If run, the attachment displays messages such as "Guess Who's Back?" and "W32.Jantic@mm is!" and attempts to use Outlook to send itself as an attachment. The infected email messages will be sent to contacts from the user's address book or to Walmart@Walmart.com.

W32/Jantic-B attempts to create a copy of itself in the folder
C:\windows\start menu\programs\startup as error.exe, McAfee AntiVirus.exe, Norton.exe or Norton AntiVirus.exe so that this file runs every time Windows is started.

The worm also drops itself as into the root folder of drive C: as attachment.exe.

And you are most welcome getting this one up before me..

Cheers

BTW: greatly appreciate the many comments of thanks..Thank You..
But..I have never recieved any comments regarding the format I have used in the "Heads Up" posts..Your comments are welcome (constructive please)..My time to gather the information varies.. so I will miss some..
The warnings are more to tickle the attention of those who Don't normaly deal with Virii, worms and Trojans.. And I hope that some ppls attention to Virus protection has been raised enough to save themselves and or their employer from a headache..
Cheers
U

Tiger Shark

July 23rd, 2003, 03:29 PM

UnderTaker: Your "Heads Up's" are just fine. The simple fact that a new virus/variant is out is sufficient to nudge those of us who need to manually update definitions, (read: save money), to do so. Thus the format is somewhat moot.

Keep up the excellent work and I won't even blame you if you miss one and I get it....... ;)

NullDevice

July 23rd, 2003, 05:23 PM

i would love to get a format which is more informative ... so that most of the information is dlivered here itself than the person need to click on the link....and the link is better of updates...