TCH-Dick

Virus News

Up in the Sky – WORM_NETSKY.B (Medium Risk)

------------------------------------------------------------------------

WORM_NETSKY.B is a memory-resident, mass-mailing worm that spreads via email and peer-to-peer file-sharing networks. It drops copies of itself in shared folders as an executable with two extension names, and is represented by a Microsoft Word icon. It runs on Windows 95, 98, ME, NT, 2000, and XP.

Upon execution it drops a copy of itself as SERVICES.EXE in the Windows folder, and then creates a registry entry that allows it to automatically execute at every Windows startup.

To propagate, this worm sends copies of itself via Simple Mail Transfer Protocol (SMTP) to target email addresses that it gathers from files with the following extensions, found in drives C to Z:


ADB, ASP, DBX, DOC, EML, HTM, HTML, MSG, OFT, PHP, PL, RTF, SHT, TBB, TXT, UIN, VBS, WAB


It sends a message with the following:

 

From:

 

Subject: (any of the following)
fake
hello
hi
information
read it immediately
something for you
stolen
unknown
warning


Message Body:

 

Attachment:

 

The file attachment may have two extension names, with the first name being DOC, HTM, RTF or TXT, and the second extension name being COM, EXE, PIF, or SCR. The attachment may also arrive compressed in ZIP format.

To spread via file-sharing networks this worm drops numerous copies of itself in folders with the strings “sharing” or “shared” in their names.

 

If you would like to scan your computer for WORM_NETSKY.B or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

 

WORM_NETSKY.B is detected and cleaned by Trend Micro pattern file #769 and above.

 

For additional information about WORM_NETSKY.B please visit: http://www.trendmicro.com/vinfo/virusencyc...e=WORM_NETSKY.B

 

Bagels and Coffee – WORM_BAGLE.B (Medium Risk)

------------------------------------------------------------------------

WORM_BAGLE.B is a memory-resident, mass-mailing worm that propagates by sending copies of itself using SMTP. It sends email with the following:

 

From:

 

Subject: ID btm... thanks

 

Message Body: Yours ID smcyfjkfer

--

Thank

 

Attachment:

 

It drops a copy of itself in the Windows System folder as AU.EXE, using the icon for files associated with Microsoft Sound Recorder. It runs on Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this worm checks the system date. If the date is later than February 25, 2004, it immediately terminates. It also creates a registry entry that allows it to automatically execute at every Windows startup. In addition, it launches SNDREC32.EXE or Microsoft Sound Recorder upon execution.

This worm propagates by mass-mailing copies of itself using SMTP. It obtains email addresses from .HTM, .HTML, .TXT and .WAB files, and skips addresses that contain .r1u, @hotmail.com, @msn.com, @microsoft, and @avp.

 

WORM_BAGLE.B also has backdoor capabilities. It opens a port and listens for remote connections, and may also download and execute an updated copy of itself.

 

If you would like to scan your computer for WORM_BAGLE.B or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

 

WORM_BAGLE.B is detected and cleaned by Trend Micro pattern file #767 and above.

 

For additional information about WORM_BAGLE.B please visit: http://www.trendmicro.com/vinfo/virusencyc...me=WORM_BAGLE.B

 

 

Top 10 Most Prevalent Global Malware

(from February 12, 2004 to February 19, 2004)

------------------------------------------------------------------------

1. WORM_MYDOOM.A
2. WORM_LOVGATE.G
3. PE_VALLA.A
4. WORM_MOFEI.B
5. WORM_BAGLE.B
6. WORM_NACHI.A
7. WORM_MSBLAST.C
8. PE_NIMDA.E
9. TROJ_DASMIN.E
10. WORM_KLEZ.H

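Added example (not part of the original post or of Trend Micro's advisory): a mail-gateway style check for the WORM_NETSKY.B message traits listed above, covering the subject lines, the decoy-plus-executable double extension, and the same names inside a ZIP attachment. The function names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Values copied from the NETSKY.B description in the post above.
DECOY_EXTS = {"doc", "htm", "rtf", "txt"}
EXEC_EXTS = {"com", "exe", "pif", "scr"}
SUBJECTS = {"fake", "hello", "hi", "information", "read it immediately",
            "something for you", "stolen", "unknown", "warning"}

def double_extension(name):
    """True for names such as report.doc.pif (decoy ext, then executable ext)."""
    parts = name.strip().lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in EXEC_EXTS

def triage(raw):
    """Return the reasons a raw RFC 5322 message deserves quarantine review."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if double_extension(name):
            reasons.append("attachment:" + name)
        elif name.lower().endswith(".zip"):
            try:
                # Only member names are read; nothing is extracted.
                with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                    reasons += ["zip-member:" + n for n in zf.namelist()
                                if double_extension(n)]
            except zipfile.BadZipFile:
                reasons.append("unreadable-zip:" + name)
    return reasons

def build_sample(subject, filename, payload):
    """Constructed test message; payload bytes are harmless placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content("body")
    m.add_attachment(payload, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("stolen", "bill.rtf.scr", b"x")))
```

The subject words are common ones ("hi", "hello"), so a subject match alone is a weak signal; the double-extension match is the one to act on.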

Thanks Mike. Got over a hundred of these pass through just today. It's getting to the point that if I have to add any more filters I'm not going to be able to get any mail.

 

Argh.
