worm_jantic.b
Results 1 to 4 of 4

Thread: worm_jantic.b

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    472

    worm_jantic.b

    Email Propagation

    To propagate, it sends itself as email attachment to all contacts listed in the Microsoft Outlook address book. It uses any of the following email messages:

    Subject: You have a ecard!
    Message Body: You have recieved a E-Card! Check your attatchments!
    Attachment: attachment.exe

    Subject: Technical Support - File you Requested.
    Message: Hey, Here is the Attachment you Requested. Please Respond Back. Thanks Technical Support.
    Attachment: attachment.exe

    Payloads

    The worm attempts to delete the following files:

    C:\Program Files\Yahoo!\Messenger\*.exe
    C:\Windows\*.ini
    C:\Windows\System\*.scr
    Other Details

    This worm is written and compiled in Visual Basic.
    Trend Micro page related to it : http://c.moreover.com/click/here.pl?r80922718

    sorry und3rtak3r if u already posted abt it
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    NAh you got me on this one.. .. best I can do is update with this from Sophos

    If run, the attachment displays messages such as "Guess Who's Back?" and "W32.Jantic@mm is!" and attempts to use Outlook to send itself as an attachment. The infected email messages will be sent to contacts from the user's address book or to Walmart@Walmart.com.

    W32/Jantic-B attempts to create a copy of itself in the folder
    C:\windows\start menu\programs\startup as error.exe, McAfee AntiVirus.exe, Norton.exe or Norton AntiVirus.exe so that this file runs every time Windows is started.

    The worm also drops itself as into the root folder of drive C: as attachment.exe.
    And you are most welcome getting this one up before me..

    Cheers

    BTW: greatly appreciate the many comments of thanks..Thank You..
    But..I have never recieved any comments regarding the format I have used in the "Heads Up" posts..Your comments are welcome (constructive please)..My time to gather the information varies.. so I will miss some..
    The warnings are more to tickle the attention of those who Don't normaly deal with Virii, worms and Trojans.. And I hope that some ppls attention to Virus protection has been raised enough to save themselves and or their employer from a headache..
    Cheers
    U
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    UnderTaker: Your "Heads Up's" are just fine. The simple fact that a new virus/variant is out is sufficient to nudge those of us who need to manually update definitions, (read: save money), to do so. Thus the format is somewhat moot.

    Keep up the excellent work and I won't even blame you if you miss one and I get it.......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    472
    i would love to get a format which is more informative ... so that most of the information is dlivered here itself than the person need to click on the link....and the link is better of updates...
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •