ThaWild 10 Posted 28 February 2004

W32/Netsky.c@MM

A new variant of last week's Netsky virus, W32/Netsky.c@MM is a Medium Risk mass-mailing worm that also copies itself to folders named "share" or "sharing" on an infected system. It spreads by stealing email addresses, spoofing or forging the "from: field". Like its earlier counterpart, the worm tries to deactivate the W32/Mydoom.a@MM and W32/Mydoom.b@MM viruses on the host computer. Upon infection, W32/Netsky.c@MM will also spread via P2P programs like KaZaa, Bearshare and Limewire that use shared folder names containing the words "share" or "sharing".

Note: The attachment may be either a ZIP file (with the worm) or an executable, with a single (.doc, .htm, .rtm, .text) or double file extension (.com, .exe, .pif, .scr).

Filenames that are carried within the worm include:

# 3D Studio Max 3dsmax.exe
# Adobe Photoshop 9 full.exe
# Adobe Premiere 9.exe
# Ahead Nero 7.exe
# Best Matrix Screensaver.scr

Caution: An infected email can come from addresses you recognize.

W32/Bagle.c@MM

W32/Bagle.c@MM is a Medium Risk mass-mailing worm with a potentially dangerous remote access component that may open a backdoor on an infected computer to hackers. Unlike variant W32/Bagle.b@MM, W32/Bagle.c@MM arrives as a .ZIP attachment. When run, the virus emails itself to addresses it steals from the infected computer, spoofing the "from: field" with one of the harvested addresses. The virus does not mass-mail itself to addresses that contain @avp., @hotmail.com, @microsoft, @msn.com, local, noreply, postmaster@, and root@.

NOTE: W32/Bagle.c@MM contains a remote access component that attempts to notify the hacker that the infected system is ready to accept commands. The functionality this backdoor provides to the hacker is currently under investigation. Like its predecessors, this worm checks the system date. If it is March 14, 2004 or later, the worm simply exits and does not propagate. The virus also attempts to terminate the processes of several security programs.

Caution: An infected email can come from addresses you recognize.

What to look for:

From: Varies. Address may be forged.
Subject: Varies.
Body: Message body is empty.
Attachment: Randomly named binary within a .ZIP file (~16KB).

Gr³³z Stefan
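An added example (not part of the original post): a mail-gateway style check in Python that flags attachments with the traits described above, namely an executable final extension, a decoy-plus-executable double extension, or a ZIP that carries an executable. The sample message, file names and addresses are constructed for the demonstration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXT = {".com", ".exe", ".pif", ".scr"}    # executable extensions named in the post
DECOY_EXT = {".doc", ".htm", ".rtm", ".text"}  # document-style extensions as listed in the post

def classify(name):
    """Return why a file name is suspicious, or None if it is not."""
    parts = name.lower().rsplit(".", 2)
    if len(parts) < 2 or "." + parts[-1] not in EXEC_EXT:
        return None
    if len(parts) == 3 and "." + parts[1] in DECOY_EXT:
        return "double extension"
    return "executable"

def scan_message(raw):
    """Return [(attachment name, reason)] for attachments matching the described traits."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = classify(name)
        if reason:
            hits.append((name, reason))
        elif name.lower().endswith(".zip"):
            try:
                data = part.get_payload(decode=True)
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                hits.append((name, "unreadable zip"))
                continue
            bad = [m for m in members if classify(m)]
            if bad:
                hits.append((name, "zip contains " + bad[0]))
    return hits

def build_sample():
    """Constructed message: a ZIP with a randomly named binary, a double-extension file, a benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("qwmxkzpa.exe", b"constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "someone@example.com", "user@example.com", "hello"
    msg.set_content("\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="xkqpwz.zip")
    msg.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="document.doc.pif")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```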