PE_LOVGATE.J
Overview

Malware type: File Infector

Aliases: WORM_LOVGATE.J

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This file-infecting virus propagates via shared network drives and via email.

To spread through network shares, it searches for shared folders with read/write access in the same network and drops copies of itself into these folders using the following file names:

  • 100 free essays school.pif
  • Age of empires 2 crack.exe
  • AN-YOU-SUCK-IT.txt.pif
  • Are you looking for Love.doc.exe
  • autoexec.bat
  • CloneCD + crack.exe
  • How To Hack Websites.exe
  • Mafia Trainer!!!.exe
  • MoviezChannelsInstaler.exe
  • MSN Password Hacker and Stealer.exe
  • Panda Titanium Crack.zip.exe
  • Sex_For_You_Life.JPG.pif
  • SIMS FullDownloader.zip.exe
  • Star Wars II Movie Full Downloader.exe
  • The world of lovers.txt.exe
  • Winrar + crack.exe

It propagates via email by replying to all new messages received in Microsoft Outlook and Outlook Express. It sends out email with the following format:

From: <Infected User’s Name>
To: <Original Sender>
Subject: RE: <Original Subject>
Message Body:
'''<Infected User’s Name>' wrote:
====
><Original Body> >
====

YAHOO.COM Mail auto-reply:

If you can keep your head when all about you
Are losing theirs and blaming it on you;
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or, being lied about,don't deal in lies,
Or, being hated, don't give way to hating,
And yet don't look too good, nor talk too wise;
... ... more look to the attachment.

> Get your FREE <Original Sender’s SMTP account> account now! <

Attachment: (Randomly selected from any of the following:)
I am For u.doc.exe
Britney spears nude.exe.txt.exe
joke.pif
DSL Modem Uncapper.rar.exe
Industry Giant II.exe
StarWars2 - CloneAttack.rm.scr
dreamweaver MX (crack).exe
Shakira.zip.exe
SETUP.EXE
Macromedia Flash.scr
How to Crack all gamez.exe
Me_nude.AVI.pif
s3msong.MP3.pif
Deutsch BloodPatch!.exe
Sex in Office.rm.scr
the hardcore game-.pif

An example of this email would be:

Response email from PE_LOVGATE.J

This malware also gathers target email addresses from HTML files that it finds in the current and Windows folders and from a specific registry key, and sends an email message with itself as an attachment to all of these addresses. Each message is randomly generated from the following subjects, message bodies and attachments:

Subjects: (any of these)

  • Reply to this!
  • Let's Laugh
  • Last Update
  • for you
  • Great
  • Help
  • Attached one Gift for u..
  • Hi
  • Hi Dear
  • See the attachement

Message Body: (any of these)

  • For further assistance, please contact!
  • Copy of your message, including all the headers is attached.
  • This is the last cumulative update.
  • Tiger Woods had two eagles Friday during his victory over Stephen Leaney. (AP Photo/Denis Poroy)
  • Send reply if you want to be official beta tester.
  • This message was created automatically by mail delivery software (Exim).
  • It's the long-awaited film version of the Broadway hit. Set in the roaring 20's, this is the story of Chicago chorus girl Roxie Hart(Zellweger), who shoots her unfaithful lover (West).
  • Adult content!!! Use with parental advisory.
  • Patrick Ewing will give Knick fans something to cheer about Friday night.
  • Send me your comments...

Attachment: (any of these)

  • About_Me.txt.pif
  • driver.exe
  • Doom3 Preview!!!.exe
  • enjoy.exe
  • YOU_are_FAT!.TXT.pif
  • Source.exe
  • Interesting.exe
  • README.TXT.pif
  • images.pif
  • Pics.ZIP.scr

This malware also has backdoor capabilities. It opens ports 1092 and 20168, allowing remote users to access infected systems. After opening the said ports, it immediately sends an email notifying a remote user that the infected machine is online and accessible.
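
A triage sketch for the share-propagation and backdoor behaviour described above, added here as an example and not taken from the original write-up: it flags the listed drop names, generalises to the decoy-plus-executable double extensions those lists use, and finds listeners on the two ports in `netstat -an` text. The sample paths and netstat lines are constructed, and TCP is an assumption because the page does not name the protocol.

```python
import re

# File names the page lists as dropped into writable shares. "autoexec.bat"
# is also a legitimate name, so a hit on it needs a manual look.
DROPPED_NAMES = {n.lower() for n in (
    "100 free essays school.pif", "Age of empires 2 crack.exe",
    "AN-YOU-SUCK-IT.txt.pif", "Are you looking for Love.doc.exe",
    "autoexec.bat", "CloneCD + crack.exe", "How To Hack Websites.exe",
    "Mafia Trainer!!!.exe", "MoviezChannelsInstaler.exe",
    "MSN Password Hacker and Stealer.exe", "Panda Titanium Crack.zip.exe",
    "Sex_For_You_Life.JPG.pif", "SIMS FullDownloader.zip.exe",
    "Star Wars II Movie Full Downloader.exe", "The world of lovers.txt.exe",
    "Winrar + crack.exe")}
BACKDOOR_PORTS = {1092, 20168}      # ports named on the page; TCP is assumed
EXEC_EXT = {"exe", "pif", "scr"}    # final extensions used in the page's lists
DECOY_EXT = {"txt", "doc", "jpg", "zip", "rar", "avi", "mp3", "rm"}

def classify_name(path):
    """Return 'listed', 'double-extension' or None for one file path."""
    name = re.split(r"[\\/]", path)[-1].strip().lower()
    if name in DROPPED_NAMES:
        return "listed"
    parts = name.split(".")
    if len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in DECOY_EXT:
        return "double-extension"   # generalisation: decoy + executable suffix
    return None

def listening_backdoor_ports(netstat_text):
    """Return backdoor ports found LISTENING in `netstat -an` text."""
    found = set()
    for fields in map(str.split, netstat_text.splitlines()):
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            port = fields[1].rsplit(":", 1)[-1]
            if port.isdigit() and int(port) in BACKDOOR_PORTS:
                found.add(int(port))
    return sorted(found)

# Constructed sample input (not taken from a real host).
SAMPLE_FILES = [r"\\fs01\pub\Winrar + crack.exe", r"\\fs01\pub\Holiday.JPG.scr",
                r"\\fs01\pub\report.doc", r"\\fs01\pub\backup.tar.gz"]
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:1092     0.0.0.0:0        LISTENING
  TCP    0.0.0.0:20168    0.0.0.0:0        LISTENING
  TCP    10.0.0.5:3021    10.0.0.9:1092    ESTABLISHED
  UDP    0.0.0.0:1092     *:*
"""

if __name__ == "__main__":
    print([classify_name(f) for f in SAMPLE_FILES], listening_backdoor_ports(SAMPLE_NETSTAT))
```

A "listed" or "double-extension" result is a lead for review, not a verdict; the ESTABLISHED line in the sample is ignored because 1092 there is the remote port, not a local listener.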

This malware runs on Windows NT, 2000, and XP systems.

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 13, 2003 12:00:50 AM GMT -0800
Description updated: May. 13, 2003 4:42:32 AM GMT -0800
