Results 1 to 5 of 5

Thread: Feb 15 Alerts

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    Exclamation Feb 15 Alerts

    W32.Alcarys@mm
    Discovered on: February 14, 2002
    W32.Alcarys@mm is a mass-mailing worm that also overwrites files and infects Microsoft Word documents. (For information on the Word document infection, please refer to W97M.Pacol.A.)
    Type: Worm
    Infection Length: 12,288 bytes

    Payload:
    Large scale e-mailing: Mass Mails itself to all recipients in the Outlook Address Book
    Deletes files: overwrites ".htm", ".scr", ".com", and ".exe" files
    Compromises security settings: Disables Microsoft Word2000 Security settings
    Distribution:

    Subject of email: sounds of sex and other stuffs
    Name of attachment: SexSound.exe, Readme.txt, http://www.EcstasyRUs.com, and syra.scr
    Size of attachment: 12,288 bytes

    Technical description:
    When W32.Alcarys@mm is run, it does the following:
    1. It sends itself to all contacts in the Microsoft Outlook address book. The email has the following characteristics:
    Subject: sounds of sex and other stuffs
    Message: ....Hear me and my girlfriend moan...We spent yesterday's night having sex... I've also included a list of haiku, a cool talking screensaver and a link to a site offering cheap ecstasy pills.. enjoy..

    http://www.symantec.com/avcenter/ven...lcarys@mm.html

    W32.HLLO.6144
    Discovered on: February 14, 2002

    W32.HLLO.6144 is a virus that overwrites all .com, .exe and .scr files in all folders.
    Type: Virus
    Infection Length: 6144
    Damage: High
    Payload: Overwrites files
    Technical description:
    W32.HLLO.6144 is written in a high-level language. When it is executed, it searches for all .com, .exe, and .scr files in all folders on the hard drive. It then replaces these files with an exact copy of itself. The replaced program files are not repairable.

    http://www.symantec.com/avcenter/ven...hllo.6144.html



    IRC.Worm.Ceyda
    Discovered on: February 14, 2002

    This is an IRC worm that sends itself to others using IRC. It allows an attacker to gain control of an infected system.

    Also Known As: IRC-Worm.Ceyda.6574, mIRC/Ceydem.6953/6966, pIRCH/Ceydem.6966
    Type: Worm
    Infection Length: 6,574 bytes
    Threat Assessment: Low
    Technical description:
    This worm is an encrypted DOS executable file. When it is executed, it does the following:
    1. First, it decrypts itself.
    2. It then creates the Winstart.bat file in the C:\Windows folder.
    3. Next, it creates the C:\Windows\Windowsuser2 folder, and copies itself to that location.
    4. It then executes the batch file. The batch file makes another copy of the worm in the \Windowsuser2 folder with the file name CeydaDemet___TurkishGirl.JPG.com.
    5. It also creates a Script.ini file in the C:\Mirc folder. The worm replaces certain commands in the Script.ini with commands to format the hard drive and to send itself to others.

    http://www.symantec.com/avcenter/ven...orm.ceyda.html


    W32.Valcard
    Discovered on: February 14, 2002
    W32.Valcard is a simple mass-mailing worm that copies itself to C:\Windows\System\ValentineCard.exe. It sends itself to all recipients in the Microsoft Outlook address book. It also creates and runs the file C:\Evil.jpg.

    http://www.symantec.com/avcenter/ven...2.valcard.html
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    What site did you acquire this info from? I wanna visit it, cuz you seem to have a lot of up-to-date stuff I wanna read about, but don't know exactly where to go.

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    mostly i go to

    http://www.symantec.com/avcenter/

    but you can also check
    http://vil.nai.com/VIL/newly-discovered-viruses.asp
    http://www.sophos.com/

    there are others...

    it's my daily routine...everytime i get a coffee...av alert pages...
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  4. #4

  5. #5
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    good post zigar and useful links.
    Trappedagainbyperfectlogic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •