Another Virus Heads Up... or 6 mth old Defs won't cut it..

I notice Sonic has been doing an excellent job with Virus heads up.. Here are a few from my mailings today..

from http://support.centralcommand.com/cg...=020617-000007
Name: W32/Yaha.E (aka. Worm/Lentin.F)
Alias: Worm/Yaha.E
Type: Internet Worm
Discovered: June 17, 2002
Size: 29.948KB
ITW: Unknown

Description:

W32/Yaha.E is a modification of Worm/Lentin (Valentine.scr), an
Internet worm that spreads by retrieving e-mail addresses from
the Windows Address Book, as well as from addresses found in
cached webpages. In addition to these methods, W32/Yaha.E
can also spread through contacts it finds in the MSN Messenger and the
ICQ database list.

It scans all files with the extension HTM, HTML and HTA

This variant arrives as another friendship screen saver

The subject is randomly selected from a pre-determined list

The name of the Attachment begins with one of the following names:
loveletter
resume
love
weeklyreport
goldfish
report
mountan
biodata
dailyreport
lovegreetings
shakingfriendship

is followed by:
.wav
.doc
.mp3
.bmp
.jpg
.gif
.txt
.xls
.htm
.mpg
.zip
.dat

and ends with one of these extensions:
.pif
.bat
.scr

If executed, the worm copies itself in the \Recycled\ directory
under a random filename (i.e. "kiek.exe"). Additionally, a text
file (using the same random characters) is also created in the
/windows/ directory. This text file contains the following:

It also modifies the following registry key:

HKEY_CLASSES_ROOT\exefile\shell\open\command
<default> = "c:\recycler\kiek" %1 %*

**This modification allows it to run each time another executable
file is run.

Running the worm will display a screensaver with a multicolor
screensaver message that shakes the screen after it is complete.
The display messages are:

- True Love never Ends
- U r My Best Friend
- U r so cute today #!#!

The version f is also listed with Symantec...

And
http://securityresponse.symantec.com...lw.kazmor.html

W32.HLLW.Kazmor is a worm that has backdoor Trojan capability, which allows a hacker to gain control of the compromised computer. W32.HLLW.Kazmor spreads across a local network using shared drives. The worm also attempts to spread across KaZaA file-sharing networks.

The worm disguises itself as movies, games, or porno-related programs, or as software files to trick KaZaA users into downloading the program and opening it. W32.HLLW.Kazmor is written in the Borland Delphi programming language.




Type: Trojan Horse, Worm
Infection Length: 55,808 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, Unix, Linux

Backdoor.NetControle is a Trojan horse that allows a hacker to remotely control an infected computer. It is written in the Visual Basic programming language. It will listen for connections on TCP/UDP port 1772.

NOTE: Virus definitions dated prior to June 20, 2002, may detect this threat as Backdoor.Trojan.



Also Known As: Backdoor.VB.o, Troj/Bdoor-VBO, Backdoor.Trojan
Type: Trojan Horse
Infection Length: 40,960
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, Unix, Linux

Wild

Number of infections: 0 - 49
Number of sites: More than 10
Geographical distribution: Low
Threat containment: Easy
Removal: Easy

W32.Kwbot.Worm has backdoor Trojan capability, which allows a hacker to gain control of the compromised computer. The worm can update itself by checking for newer versions over the Internet. W32.Kwbot.Worm disguises itself as popular movie, game, or software files, and it attempts to spread across KaZaA file-sharing networks by tricking KaZaA users into downloading the program and opening it.


Type: Trojan Horse, Worm
Infection Length: 19,600

Wild

Number of infections: 0 - 49
Number of sites: 3 - 9
Geographical distribution: Low
Threat containment: Easy
Removal: Easy

Distribution

Ports: random changed
Target of infection: KaZaA Shared folder

Enough for this Post.

Cheers
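For anyone filtering mail while waiting on updated definitions, the W32/Yaha.E attachment naming scheme quoted above (listed name, decoy extension, then .pif/.bat/.scr) can be matched on filename alone. This is an added example, not part of the original post or of either vendor's advisory; the function names, verdict labels and sample filenames are constructed for illustration, and it generalizes slightly by also flagging any double extension ending in those three types.

```python
import re

# Lists copied from the W32/Yaha.E description quoted in the post.
PREFIXES = ("loveletter", "resume", "love", "weeklyreport", "goldfish", "report",
            "mountan", "biodata", "dailyreport", "lovegreetings", "shakingfriendship")
DECOY_EXTS = ("wav", "doc", "mp3", "bmp", "jpg", "gif", "txt", "xls", "htm",
              "mpg", "zip", "dat")
FINAL_EXTS = ("pif", "bat", "scr")

def _alt(words):
    # Longest alternatives first, so "loveletter" is tried before "love".
    return "|".join(re.escape(w) for w in sorted(words, key=len, reverse=True))

# The advisory says the name "begins with" a listed word, so extra
# characters are allowed between the word and the two extensions.
YAHA_RE = re.compile(
    rf"^(?:{_alt(PREFIXES)}).*\.(?:{_alt(DECOY_EXTS)})\.(?:{_alt(FINAL_EXTS)})$")
# Broader check: any short extension hidden in front of an executable one.
DOUBLE_EXT_RE = re.compile(rf"\.[a-z0-9]{{1,5}}\.(?:{_alt(FINAL_EXTS)})$")

def classify(filename):
    """Return a verdict for one attachment filename."""
    # Keep only the last path component; Windows ignores trailing dots and
    # spaces, so strip them before matching.
    name = re.split(r"[\\/]", filename)[-1].strip().rstrip(". ").lower()
    if YAHA_RE.match(name):
        return "yaha-e-pattern"
    if DOUBLE_EXT_RE.search(name):
        return "double-extension"
    if name.endswith(tuple("." + e for e in FINAL_EXTS)):
        return "executable-extension"
    return "ok"

def scan(filenames):
    """Return (filename, verdict) pairs for everything that is not 'ok'."""
    verdicts = ((f, classify(f)) for f in filenames)
    return [(f, v) for f, v in verdicts if v != "ok"]

# Constructed sample attachment names, not taken from real traffic.
SAMPLE = ["loveletter.doc.pif", "LoveGreetings.JPG.scr ", "invoice.pdf.scr",
          "setup.bat", "weeklyreport.xls", "report.final.txt"]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE):
        print(f"{verdict:22} {name!r}")
```

A filename match only catches this naming scheme; it does not replace current virus definitions.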