
Thread: 6 Heads Up **Zoher,NakedWife,MyBabyPic,Gnutella worm,Vierika,DlDer**

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    472

    6 Heads Up **Zoher,NakedWife,MyBabyPic,Gnutella worm,Vierika,DlDer**

    I have 6 heads up to notify everyone:

    1
    NAME: Zoher
    ALIAS: Scherzo, Sheer, I-Worm.Zoher

    Sheer is an e-mail worm. It spreads in an e-mail message with long Italian text and an attachment called javascript.exe. On some systems, the attachment is executed automatically.

    This worm sends itself to everyone in the Windows Address book. It uses the default system SMTP mail server (found from Windows registry).

    The worm exploits i-frame vulnerability and because of that on some systems the worm is able to self-launch itself when an infected e-mail is viewed (for example, with Outlook and IE 5.0 or 5.01). To do this the worm uses a known vulnerability in IE that allows execution of an email attachment.

    technical Details and other Stuff Here : http://www.f-secure.com/v-descs/sheer.shtml

    2
    NAME: NakedWife
    ALIAS: I-Worm.Naked, W32/naked@MM,
    ALIAS: W32.HLLW.JibJab@MM TROJ_NakedWife
    ALIAS: Naked Wife
    SIZE: 73728

    NakedWife is an e-mail worm that spreads as an attachment called NakedWife.exe. The worm uses MS Outlook Address Book to find e-mail addresses and sends itself to these addresses with the help of MS Outlook application. The worm is a PE executable about 74 kb long written in Visual Basic.

    It opens MS Outlook Address Book and sends itself to all addresses found there. The infected message has the worm's executable as NakedWife.exe attached.

    technical Details and other Stuff Here : http://www.f-secure.com/v-descs/nakedwif.shtml

    3
    NAME: MyBabyPic
    ALIAS: IWorm_Myba, I-Worm.Myba

    Myba is the Internet worm spreading with emails by sending infected messages from affected computers. While spreading the worm uses MS Outlook and sends itself to all addresses that are stored in MS Outlook Address Book.

    The worm itself is a Win32 application written in VisualBasic. The worm code seems to be based on the I-Worm.LoveLetter VBS worm (the worm routines and their names look very similar to the "Loveletter" ones), and it seems that this worm was created by adapting the "Loveletter" VBS source to the VisualBasic language.

    When run (if a user clicks on attached infected file) the worm sends its copies by email, installs itself into the system and performs destructive actions.

    technical Details and other Stuff Here : http://www.f-secure.com/v-descs/myba.shtml

    4
    NAME: Mandragore
    ALIAS: GnutellaMandragore, Gnutella worm
    SIZE: 8192

    GnutellaMandragore is a worm which spreads through the Gnutella peer-to-peer file sharing system (which is somewhat similar to Napster). If you're not using Gnutella, you're not at risk. Popular programs to access Gnutella include ToadNode and BearShare.

    When a PC gets infected, the worm will connect to the Gnutella network as one node. After that it will monitor what kind of files other people are searching for, and will answer those queries.

    First infected files in the Gnutella network were spotted on Friday the 23rd of February, 2001.

    technical Details and other Stuff Here : http://www.f-secure.com/v-descs/mandra.shtml

    5
    NAME: Vierika

    VBS/Vierika is a mass mailer (worm) written in Visual Basic Script.

    This worm consists of two different script parts, one that arrives in an Outlook message as an attachment and another that is available on a web site.

    VARIANT: Vierika.A

    This worm arrives in a message that has the following content:


    Subject: Vierika is here
    Body: Vierika.jpg
    Attachment: Vierika.JPG.vbs

    VARIANT: Vierika.B


    This variant arrives in a message that has the same content as VBS/Vierika.A@mm. However, the worm is modified slightly and it uses a web page located at a Geocities server. The web page is modified as well:


    now you are free


    MATRIX IS CONTROL


    technical Details and other Stuff Here : http://www.f-secure.com/v-descs/vierika.shtml

    6
    NAME: DlDer
    ALIAS: Trojan.Win32.DlDer, Troj_DlDer

    The DlDer spyware-trojan was installed with LimeWire, Kazaa, Grokster and some other software packages that are mainly used for user-to-user file exchange purposes (now most of these packages are distributed without DlDer trojan components). The trojan was installed even if a user selected not to install any additional (spyware) components from those packages during setup phase or was just hiddenly dropped to a user's system.

    technical Details and other Stuff Here : http://www.f-secure.com/v-descs/dlder.shtml

    Meanwhile SOPHOS has released a timeline and latest news for Sobig.F
    check here : http://www.sophos.com/virusinfo/arti...gtimeline.html
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
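
Added example, not part of the original post and not F-Secure's code: a mail-gateway style check that flags the attachment naming patterns described in the post above (a bare executable such as javascript.exe or NakedWife.exe, and a decoy double extension such as Vierika.JPG.vbs). The extension lists, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will execute on double-click (assumed block list, not from the thread).
EXECUTABLE_EXT = {"exe", "vbs", "vbe", "js", "jse", "wsf", "scr", "pif", "com", "bat", "cmd"}
# Harmless-looking extensions used as a decoy before the real one.
DECOY_EXT = {"jpg", "jpeg", "gif", "txt", "doc", "pdf", "mp3"}

def classify(filename):
    """Return a reason string if the attachment name is risky, else None."""
    # Windows ignores trailing dots/spaces, so "a.exe. " still runs as a.exe.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXT:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXT:
        return "double extension hides ." + parts[-1]
    return "executable extension ." + parts[-1]

def risky_attachments(raw):
    """Parse a raw RFC 5322 message and list (filename, reason) for risky parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        reason = classify(name) if name else None
        if reason:
            hits.append((name, reason))
    return hits

def build_sample(subject, filename):
    """Constructed test message; the payload is a harmless placeholder."""
    m = EmailMessage()
    m["Subject"] = subject
    m["From"] = "sender@example.test"
    m["To"] = "rcpt@example.test"
    m.set_content("body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fn in [("Vierika is here", "Vierika.JPG.vbs"), ("test", "javascript.exe"),
                     ("test", "NakedWife.exe"), ("photos", "holiday.jpg")]:
        print(fn, "->", risky_attachments(build_sample(subj, fn)))
```

Name-based screening only catches the delivery pattern; it does not inspect content, so it complements rather than replaces antivirus scanning of the attachment itself.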

  2. #2
    Junior Member
    Join Date
    Sep 2003
    Posts
    22
    Were these being re-released? Zoher was first reported in Dec '01, NakedWife came out in Mar '01, BabyPic discovery was Feb '01 and so forth.

    Have you heard something about these being reworked and started up again?
    Where's the ka-booom?
    There was supposed to be an earth-shattering ka-booom!
