March 14 Alerts

  1. #1
    Senior Member
    Join Date
    Jan 2002

    March 14 Alerts

    Discovered on: March 13, 2002
    This is a mass-mailing worm that sends itself to all entries in the Windows Address Book, using the SMTP server of the infected user. It contains no payload. The email arrives with an attachment named patch.exe. For addresses ending in .jp, there are 16 Japanese language subjects, one of which is chosen randomly each time.

    Also Known As: W32.Dotjaypee@mm, W32/FBound.c@mm, WORM_FIDAO, WORM_FBOUND.B, FIDAO.A, FIDAO, W32/Fbound.b@MM, Win32/Japanize.Worm, I-Worm.Zircon.B

    Type: Worm
    Infection Length: 12288
    Threat Assessment:
    Wild: Medium
    Damage: Low
    Distribution: High

    Visual Basic Script worm

    VBS/LoveLet-DO is a minor variant of the VBS/LoveLet-AS Visual Basic Script worm.
    The worm forwards itself in an email with the following characteristics:
    Subject line: US PRESIDENT AND FBI SECRETS =PLEASE VISIT => (http://WWW.2600.COM)<= or a random 6 letter string.
    Body text: VERY JOKE..! SEE PRESIDENT AND FBI TOP SECRET PICTURE.. or a random 10 letter string.
    Attachment: random attachment name

    Alias: Linux.Osf.8759
    Category: UNIX/Linux
    Type: Virus
    OSF.8759 is a Linux virus infecting ELF executable programs.
    OSF consists of two quite distinct parts: a viral part and a backdoor part.
    The virus checks if its code is executed under the debugger and if so, it skips the file infection routine altogether. This routine is also avoided if the infected file is executed from the /proc or /dev directories. Otherwise, it infects up to 200 files in the current directory as well as up to 200 files in the /bin directory. The virus avoids infecting the “ps” program (and all programs with names ending with the string “ps”).
    Infected files increase their size by 8759 bytes. The virus marks all infected programs by setting a value of the byte at offset 0x0A to 2.
    The backdoor procedure establishes a server listening on port 3049 (or higher). Depending on the contents of packets received from a client, OSF may present a remote user with an interactive shell or execute commands on a local system using the syntax: “/bin/sh -c command”.

    Alias: Win32.Alcarys.C, Win32.Alcarys.D, Win32.Alcop.R
    Category: Win32
    Type: Worm

    Win32.Alcaul.AF is an e-mail worm which spreads using Microsoft Outlook. It arrives in the following message:
    Hello... You're Randomly Chosen As A Tester...
    ...Check out this new game from
    Attachments:, regkey.pif

    Discovery Date: 03/14/2002
    Origin: Unknown
    Length: 61,440 bytes
    Type: Virus
    SubType: E-mail

    Virus Characteristics
    This mass-mailing worm is also a utility (dubbed 'Active Mouse' by its author) designed to simulate activity on the host machine. Additionally, however, once running, it also mails itself to recipients listed in the Outlook Address Book.
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
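
The OSF.8759 entry in the post above names a concrete infection marker: the byte at offset 0x0A of an infected ELF file is set to 2. The following Python scanner is an added example, not part of the original post or of any vendor tool; it sweeps one directory for ELF files carrying that marker. The function names are hypothetical and the sample files are constructed headers, not real binaries.

```python
import os
import tempfile

ELF_MAGIC = b"\x7fELF"
MARKER_OFFSET = 0x0A  # offset quoted in the post; falls in e_ident padding, normally 0
MARKER_VALUE = 2      # value quoted in the post

def check_elf_marker(path):
    """Classify one file as 'marked', 'clean-elf' or 'not-elf'."""
    with open(path, "rb") as fh:
        ident = fh.read(16)  # e_ident, the first 16 bytes of an ELF header
    if len(ident) < 16 or ident[:4] != ELF_MAGIC:
        return "not-elf"
    return "marked" if ident[MARKER_OFFSET] == MARKER_VALUE else "clean-elf"

def scan_directory(directory):
    """Return sorted paths of regular files in `directory` carrying the marker.
    Non-recursive: the post describes infection of single directories."""
    hits = []
    for entry in os.scandir(directory):
        try:
            if entry.is_file(follow_symlinks=False) and \
                    check_elf_marker(entry.path) == "marked":
                hits.append(entry.path)
        except OSError:
            continue  # unreadable file: skip, do not abort the sweep
    return sorted(hits)

def build_sample_dir():
    """Create constructed sample files (headers only, not real binaries)."""
    d = tempfile.mkdtemp(prefix="osf_marker_")
    clean = ELF_MAGIC + b"\x02\x01\x01\x00" + bytes(8)  # 64-bit LE e_ident
    marked = bytearray(clean)
    marked[MARKER_OFFSET] = MARKER_VALUE
    samples = {
        "clean_tool": clean + bytes(48),
        "marked_tool": bytes(marked) + bytes(48),
        "notes.txt": b"plain text, not an ELF file at all\n",
        "truncated": ELF_MAGIC,  # too short to hold e_ident
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d

if __name__ == "__main__":
    for hit in scan_directory(build_sample_dir()):
        print("marker present:", hit)
```

A hit is a triage signal only: confirm it against the other traits the post lists, such as the 8759-byte size increase and a listener on port 3049 or higher.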

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Hey Zigar, with all the new virii you post about you should assume an alternate identity and name it "Harbinger of Sorrow". hehe. Thanks for the heads up.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    AO Soccer Mom debwalin's Avatar
    Join Date
    Mar 2002
    Lol....I was just thinking "Oh, goody, more good news!!" No, seriously, I appreciate your posts zigar, because then I can ignore all those stupid WARNING hoax virus alerts I get in my email all the time!
    I must have the most gullible friends known to man.....

    Really zigar, I do appreciate them, it makes it a little easier if you at least know what to look for.
    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Good post Zigar, I better leave the virus warnings for the pros

    More info about W32/FBound.c@mm can be found here..


  5. #5
    The Lizard King SarinMage's Avatar
    Join Date
    Jan 2002
    nice post, nice keeping up to date on things
