March 14 Alerts
Results 1 to 5 of 5

Thread: March 14 Alerts

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    Exclamation March 14 Alerts

    W32.Dotjaypee@mm
    Discovered on: March 13, 2002
    This is a mass-mailing worm that sends itself to all entries in the Windows Address Book, using the SMTP server of the infected user. It contains no payload. The email arrives with an attachment named patch.exe. For addresses ending in .jp, there are 16 Japanese language subjects, one of which is chosen randomly each time.

    Also Known As: W32.Dotjaypee@mm, W32/FBound.c@mm, WORM_FIDAO, WORM_FBOUND.B, FIDAO.A, FIDAO, W32/Fbound.b@MM, Win32/Japanize.Worm, I-Worm.Zircon.B

    Type: Worm
    Infection Length: 12288
    Threat Assessment:
    Wild: Medium
    Damage: Low
    Distribution: High

    http://sarc.com/avcenter/venc/data/w...jaypee@mm.html

    VBS/LoveLet-DO
    Type
    Visual Basic Script worm

    Description
    VBS/LoveLet-DO is a minor variant of the VBS/LoveLet-AS Visual Basic Script worm.
    The worm forwards itself in an email with the following characteristics:
    Subject line: US PRESIDENT AND FBI SECRETS =PLEASE VISIT => (http://WWW.2600.COM)<= or a random 6 letter string.
    Body text: VERY JOKE..! SEE PRESIDENT AND FBI TOP SECRET PICTURE.. or a random 10 letter string.
    Attachment: random attachment name

    http://www.sophos.com/virusinfo/anal...loveletdo.html

    ELF.OSF.8759
    Alias: Linux.Osf.8759
    Category: UNIX/Linux
    Type: Virus
    CHARACTERISTICS
    OSF.8759 is a Linux virus infecting ELF executable programs.
    OSF consists of two quite distinct parts: a viral part and a backdoor part.
    The virus checks if its code is executed under the debugger and if so, it skips the file infection routine altogether. This routine is also avoided if the infected file is executed from the /proc or /dev directories. Otherwise, it infects up to 200 files in the current directory as well as up to 200 files in the /bin directory. The virus avoids infecting the “ps” program (and all programs with names ending with the string “ps”).
    Infected files increase their size by 8759 bytes. The virus marks all infected programs by setting a value of the byte at offset 0x0A to 2.
    The backdoor procedure establishes a server listening on port 3049 (or higher). Depending on the contents of packets received from a client OSF may present a remote user with an interactive shell or execute commands on a local system using the syntax: “/bin/sh –c command”.

    http://www3.ca.com/virus/virus.asp?ID=11513


    Win32.Alcaul.AF
    Alias: Win32.Alcarys.C, Win32.Alcarys.D, Win32.Alcop.R
    Category: Win32
    Type: Worm

    CHARACTERISTICS
    Win32.Alcaul.AF is an e-mail worm which spreads using Microsoft Outlook. It arrives in the following message:
    Subject:
    Hello... You're Randomly Chosen As A Tester...
    Body:
    ...Check out this new game from www.tucows.com..
    Attachments:
    vbgame.com, regkey.pif

    http://www3.ca.com/virus/virus.asp?ID=11520


    W32/Shrew@MM
    Discovery Date: 03/14/2002
    Origin: Unknown
    Length: 61,440 bytes
    Type: Virus
    SubType: E-mail

    Virus Characteristics
    This mass-mailing worm is also a utility (dubbed 'Active Mouse' by its author) designed to simulate activity on the host machine. Additionally however, once running it also mails itself to recipients listed in the Outlook Address Book.

    http://vil.nai.com/vil/content/v_99387.htm
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Hey Zigar, with all the new virii you post about you should assume an alternate identity and name it "Harbinger of Sorrow". hehe. Thanks for the heads up.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    AO Soccer Mom debwalin's Avatar
    Join Date
    Mar 2002
    Posts
    2,185
    Lol....I was just thinking "Oh, goody, more good news!!" No, seriously, I appreciate your posts zigar, because then I can ignore all those stupid WARNING hoax virus alerts I get in my email all the time!
    I must have the most gullible friends known to man.....

    Really zigar, I do appreciate them, it makes it a little easier if you at least know what to look for.
    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Good post Zigar, I better leave the virus warnings for the pro's

    More info about W32/FBound.c@mm can be found here..

    ~micael

  5. #5
    The Lizard King SarinMage's Avatar
    Join Date
    Jan 2002
    Location
    California
    Posts
    561
    nice post, nice keeping up to date on things

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •