
Worm_grew.a


curtis


WORM_GREW.A propagates by attaching copies of itself to email messages that it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine. It can then send email messages without using mailing applications (such as Microsoft Outlook). It gathers email addresses from files with certain extensions, such as DOC, PSD, RAR, and ZIP. It also propagates through network shares, by searching the network for ADMIN$ and C$ shares, where it drops a copy of itself using the file name WINZIP_TMP.EXE. It is currently spreading in-the-wild, and infecting computers that run Windows 98, ME, NT, 2000, XP, and 2003 Server.

 

Upon execution, it drops and opens a .ZIP archive named SAMPLE.ZIP in the Windows system folder. This worm also deletes autostart registry entries, as well as associated files of several programs, most of which are related to security and antivirus applications. These routines may cause referenced programs to malfunction, effectively making the affected system more vulnerable to further attacks.

 

In addition, it is capable of disabling the mouse and keyboard of an affected system.


a.k.a. Nyxem-D it seems:

 

http://www.channelregister.co.uk/2006/01/19/kama_sutra_worm/

 

A worm claiming to offer pictures from the Kama Sutra has begun circulating by email in the latest attempt by virus writers to infect Windows machines by relying on a combination of user stupidity and supposedly salacious content.

 

The Nyxem-D worm (AKA Blackmal-E) arrives as the infectious payload of email messages with spoofed sender addresses claiming to offer obscene pictures or pornographic movie clips.

 

If activated, Nyxem-D tries to disable security software. It also tries to harvest email addresses from infected PCs in a routine designed to draw up a hit list of targets for infection. Nyxem-D is programmed to download updates of its code onto infected PCs.

 

Standard defensive precautions against viral attacks apply in defending against Nyxem-D. Users are urged to patch systems up to date and update anti-virus signature definition files. Resisting the temptation to open unsolicited email attachments is also a good idea, of course.

 

 

 

Edit: TCH-Bruce - removed direct link and off color language. These are family forums.
