|
-
July 22nd, 2003, 08:02 AM
#1
worm_jantic.b
Email Propagation
To propagate, it sends itself as email attachment to all contacts listed in the Microsoft Outlook address book. It uses any of the following email messages:
Subject: You have a ecard!
Message Body: You have recieved a E-Card! Check your attatchments!
Attachment: attachment.exe
Subject: Technical Support - File you Requested.
Message: Hey, Here is the Attachment you Requested. Please Respond Back. Thanks Technical Support.
Attachment: attachment.exe
Payloads
The worm attempts to delete the following files:
C:\Program Files\Yahoo!\Messenger\*.exe
C:\Windows\*.ini
C:\Windows\System\*.scr
Other Details
This worm is written and compiled in Visual Basic.
Trend Micro page related to it : http://c.moreover.com/click/here.pl?r80922718
sorry und3rtak3r if u already posted abt it
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
-
July 23rd, 2003, 02:03 PM
#2
NAh you got me on this one.. .. best I can do is update with this from Sophos
If run, the attachment displays messages such as "Guess Who's Back?" and "W32.Jantic@mm is!" and attempts to use Outlook to send itself as an attachment. The infected email messages will be sent to contacts from the user's address book or to Walmart@Walmart.com.
W32/Jantic-B attempts to create a copy of itself in the folder
C:\windows\start menu\programs\startup as error.exe, McAfee AntiVirus.exe, Norton.exe or Norton AntiVirus.exe so that this file runs every time Windows is started.
The worm also drops itself as into the root folder of drive C: as attachment.exe.
And you are most welcome getting this one up before me..
Cheers
BTW: greatly appreciate the many comments of thanks..Thank You..
But..I have never recieved any comments regarding the format I have used in the "Heads Up" posts..Your comments are welcome (constructive please)..My time to gather the information varies.. so I will miss some..
The warnings are more to tickle the attention of those who Don't normaly deal with Virii, worms and Trojans.. And I hope that some ppls attention to Virus protection has been raised enough to save themselves and or their employer from a headache..
Cheers
U
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
July 23rd, 2003, 02:29 PM
#3
UnderTaker: Your "Heads Up's" are just fine. The simple fact that a new virus/variant is out is sufficient to nudge those of us who need to manually update definitions, (read: save money), to do so. Thus the format is somewhat moot.
Keep up the excellent work and I won't even blame you if you miss one and I get it....... 
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
July 23rd, 2003, 04:23 PM
#4
i would love to get a format which is more informative ... so that most of the information is dlivered here itself than the person need to click on the link....and the link is better of updates...
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote