
Thread: Friday Virus Heads up

  1. #1
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744

    Friday Virus Heads up

    More info from Symantec.. a couple of friendlies to watch out for..

    http://securityresponse.symantec.com/

    W32.HLLW.Nople is a network-aware worm that copies itself to all remote computers as the file C:\Winnt\Noplease_flash_movie.exe.

    Indications that a computer has been infected are the presence of the Noplease_flash_movie.exe file or the message "Es hora de formatear tu disco".



    Type: Worm
    Infection Length: 51,200 bytes
    Systems Affected: Windows NT, Windows 2000, Windows XP
    Systems Not Affected: Windows 3.x, Windows 95, Windows 98, Windows Me, Microsoft IIS, Macintosh, Unix, Linux
    This threat was previously a zoo detection added on May 28, 2002. It was discovered in-the-wild on June 6, 2002.

    Due to an increased rate of submissions, Symantec Security Response has upgraded the threat rating of VBS.VBSWG.AQ@mm to Category 3 as of June 6, 2002.

    VBS.VBSWG.AQ@mm is a VBScript threat that is designed to send itself as ShakiraPics.jpg.vbs to users of Microsoft Outlook or IRC. This threat also overwrites .vbs and .vbe files with its own code. The email has the following characteristics:

    Subject: Shakira's Pictures
    Message:
    Hi :
    i have sent the photos via attachment
    have funn...
    Attachment: ShakiraPics.jpg.vbs

    NOTE: This threat was previously a zoo detection discovered in the wild on June 6, 2002.


    Also Known As: VBS/VBSWG.aq@MM, VBS_VBSWG.AQ, VBS/VBSWG-AQ, VBSWG.AQ
    Type: Worm
    Infection Length: 7,995 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP
    Systems Not Affected: Windows 3.x, Macintosh, Unix, Linux
    Hope this helps some

    Cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  2. #2

    Talking

    Many thanks Man......
    [glowpurple]The Nutta [/glowpurple]

  3. #3
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Here is some extra info on the Shakira Worm..

    trust it helps

    cheers

    the cut and paste is from the following link..

    http://support.centralcommand.com/cg...=020531-000004

    Details:
    --------
    Name: Worm/Shakira
    Alias: I-Worm.Lee-Based
    Type: Internet Worm
    Discovered: May 26, 2002
    Size: 7.995KB
    ITW: Yes


    Description:
    ------------
    Worm/Shakira is an Internet worm that spreads through e-mail by using addresses it collects in the Microsoft Outlook Address Book.

    The worm arrives through e-mail in the following format:

    Subject: Shakira's Pictures
    Body: Hi :
    i have sent the photos via attachment
    have funn...
    Attachment: ShakiraPics.jpg.vbs

    If executed, the worm copies itself in the \windows\ directory under the filename "ShakiraPics.jpg.vbs"; this file searches for all *.vbs files to overwrite with its viral code. Additionally, the file "Readme.vbs" gets added in the \Recycled\ directory. So that it gets run each time a user restarts their computer, the following registry key gets added:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Registry=wscript.exe C:\WINDOWS\ShakiraPics.jpg.vbs %


    The following message box is displayed:




    Worm/Shakira also spreads via the Internet Relay Chat (IRC) network. It modifies the file "Script.ini" to the \Mirc\ directory if it exists to do so.
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
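
A defensive triage sketch for the indicators described in the two posts above, added here as an example and not part of the original thread or the vendors' write-ups: it flags the file names the advisories list, decoy-plus-script double extensions such as `.jpg.vbs`, and Run values that start a script host on a script file. The function names, the extension lists and the sample inputs are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# File names quoted in the advisories in this thread (lower-cased).
KNOWN_NAMES = {"noplease_flash_movie.exe", "shakirapics.jpg.vbs"}
# Assumed lists: script types run by Windows Script Host, and harmless-looking decoys.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mpg", ".avi"}
SCRIPT_HOST = re.compile(r"\b[wc]script(?:\.exe)?\b", re.IGNORECASE)
SCRIPT_PATH = re.compile(r"\S+\.(?:vbs|vbe|jse|js|wsf|wsh)\b", re.IGNORECASE)

def check_filename(name):
    """Return the reasons a file or attachment name looks suspicious."""
    path = PureWindowsPath(name)
    reasons = []
    if path.name.lower() in KNOWN_NAMES:
        reasons.append("known-name")
    suffixes = [s.lower() for s in path.suffixes]
    # A script extension hidden behind a benign one, e.g. picture.jpg.vbs
    if len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXTS and suffixes[-2] in DECOY_EXTS:
        reasons.append("double-extension")
    return reasons

def check_run_value(command):
    """Return the reasons a Run-key command line looks suspicious."""
    reasons = []
    script = SCRIPT_PATH.search(command)
    if script and SCRIPT_HOST.search(command):
        reasons.append("script-host-autorun")
    if script:
        reasons += check_filename(script.group(0).strip('"'))
    return reasons

def triage(filenames, run_values):
    """Map each suspicious artifact to its reasons; clean items are omitted."""
    findings = {}
    for name in filenames:
        if (reasons := check_filename(name)):
            findings[name] = reasons
    for value in run_values:
        if (reasons := check_run_value(value)):
            findings[value] = reasons
    return findings

# Constructed sample inputs: attachment/file names and Run-key values.
SAMPLE_FILES = ["holiday.jpg", "ShakiraPics.jpg.vbs",
                r"C:\Winnt\Noplease_flash_movie.exe", "notes.txt.VBE"]
SAMPLE_RUN = [r"wscript.exe C:\WINDOWS\ShakiraPics.jpg.vbs %",
              r"C:\Program Files\Vendor\tray.exe /min"]

if __name__ == "__main__":
    for artifact, reasons in triage(SAMPLE_FILES, SAMPLE_RUN).items():
        print(f"{artifact}: {', '.join(reasons)}")
```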

  4. #4
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    Well, as long as it doesn't mess with my Saturday Plans...
    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    And no one can remember the gentle features of the queen's face that fair day when this land rested in holy peace and everyone had love to love with.
