|
-
March 14th, 2002, 05:39 PM
#1
 March 14 Alerts
W32.Dotjaypee@mm
Discovered on: March 13, 2002
This is a mass-mailing worm that sends itself to all entries in the Windows Address Book, using the SMTP server of the infected user. It contains no payload. The email arrives with an attachment named patch.exe. For addresses ending in .jp, there are 16 Japanese language subjects, one of which is chosen randomly each time.
Also Known As: W32.Dotjaypee@mm, W32/FBound.c@mm, WORM_FIDAO, WORM_FBOUND.B, FIDAO.A, FIDAO, W32/Fbound.b@MM, Win32/Japanize.Worm, I-Worm.Zircon.B
Type: Worm
Infection Length: 12288
Threat Assessment:
Wild: Medium
Damage: Low
Distribution: High
http://sarc.com/avcenter/venc/data/w...jaypee@mm.html
VBS/LoveLet-DO
Type
Visual Basic Script worm
Description
VBS/LoveLet-DO is a minor variant of the VBS/LoveLet-AS Visual Basic Script worm.
The worm forwards itself in an email with the following characteristics:
Subject line: US PRESIDENT AND FBI SECRETS =PLEASE VISIT => (http://WWW.2600.COM)<= or a random 6 letter string.
Body text: VERY JOKE..! SEE PRESIDENT AND FBI TOP SECRET PICTURE.. or a random 10 letter string.
Attachment: random attachment name
http://www.sophos.com/virusinfo/anal...loveletdo.html
ELF.OSF.8759
Alias: Linux.Osf.8759
Category: UNIX/Linux
Type: Virus
CHARACTERISTICS
OSF.8759 is a Linux virus infecting ELF executable programs.
OSF consists of two quite distinct parts: a viral part and a backdoor part.
The virus checks if its code is executed under the debugger and if so, it skips the file infection routine altogether. This routine is also avoided if the infected file is executed from the /proc or /dev directories. Otherwise, it infects up to 200 files in the current directory as well as up to 200 files in the /bin directory. The virus avoids infecting the “ps” program (and all programs with names ending with the string “ps”).
Infected files increase their size by 8759 bytes. The virus marks all infected programs by setting a value of the byte at offset 0x0A to 2.
The backdoor procedure establishes a server listening on port 3049 (or higher). Depending on the contents of packets received from a client OSF may present a remote user with an interactive shell or execute commands on a local system using the syntax: “/bin/sh –c command”.
http://www3.ca.com/virus/virus.asp?ID=11513
Win32.Alcaul.AF
Alias: Win32.Alcarys.C, Win32.Alcarys.D, Win32.Alcop.R
Category: Win32
Type: Worm
CHARACTERISTICS
Win32.Alcaul.AF is an e-mail worm which spreads using Microsoft Outlook. It arrives in the following message:
Subject:
Hello... You're Randomly Chosen As A Tester...
Body:
...Check out this new game from www.tucows.com..
Attachments:
vbgame.com, regkey.pif
http://www3.ca.com/virus/virus.asp?ID=11520
W32/Shrew@MM
Discovery Date: 03/14/2002
Origin: Unknown
Length: 61,440 bytes
Type: Virus
SubType: E-mail
Virus Characteristics
This mass-mailing worm is also a utility (dubbed 'Active Mouse' by its author) designed to simulate activity on the host machine. Additionally however, once running it also mails itself to recipients listed in the Outlook Address Book.
http://vil.nai.com/vil/content/v_99387.htm
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote