February 27th, 2002, 09:24 PM
Worm masquerades as "windows update"
you might want to notify your well meaning but (DON"T OPEN ATTACHMENTS!) less than (DON"T OPEN ATTACHMENTS!) well informed (DON"T OPEN ATTACHMENTS!) users...
Discovered on: February 26, 2002
Last Updated on: February 27, 2002 at 09:57:35 AM PST
W32.HLLP.Sharpei@mm is a virus that targets .exe files under the Microsoft .NET Framework. The replication code of the virus is written in C# and compiled to MSIL. The virus also mass emails itself to all contacts in the Microsoft Outlook address book by using a VBS component. The attachment is MS02-010.exe.
Type: Virus, Worm
Infection Length: 12288
(LiveUpdateTM): February 27, 2002
Large scale e-mailing: Yes
Modifies files: Yes
Subject of email: Important: Windows update
Name of attachment: MS02-010.exe
Size of attachment: 12,288
The virus arrives as an email message that has the following characteristics:
Subject : Important: Windows update
Message: Hey, at work we are applying this update because it makes Windows over 50% faster and more secure. I thought I should forward it as you may like it.
When the attachment is executed, the virus does the following:
It makes a copy of itself as C:\Ms02-010.exe.
It drops the file Sharp.vbs, which then performs the mass-mailing routine, sending the previously described message. Sharp.vbs then deletes itself.
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson