|
Description:
This worm arrives via email with the following details:
From:
Subject: Any of the following
• Cool flash porno! :)
• Cool! :)
• Happy Valentine's day
• Happy day
• Present
• Thank you!!!
• Thanks ;)
• Valentine's day
• you my love..
• your love
Message Body: Any of the following
• I congratulate on the coming Valentine's day! My gift to you.
• Please see my flash present :)
• With the coming Valentine's day! I very much love you
• love you! :),congratulate!
Attachment: Any of the following
• My nude_04.exe
• porno_03.exe
• Valentine.exe
• flash love.exe
• Present.exe
• your present.exe
• My nude_04.scr
• porno_03.scr
• Valentine.scr
• flash love.scr
• Present.scr
• your present.scr
Once the attachment is executed, it drops copies of itself as the following files:
- %Windows%\regedit.com
- %System%\1035\svchost.exe
- %System%\netstat.com
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 95, 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP. %Windows% is the default Windows folder, usually C:\Windows or C:\WINNT.)
This worm may propagate via peer-to-peer (P2P)networks by looking for all folders containing the strings Microsoft Shar or share. It then drops copies of itself in these folders as the following files:
- Deprivation virginity schoolgirl.exe
- Pamela Anderson xxx(anal).exe
- Porno image(schoolgirls).exe
- Rape schoolgirl.scr
- Sex,oral,anal,bdsm!.exe
- Teen hardcore XXX.exe
- Teen sex(anal,oral).exe
- Virtual Girl 2.1.exe
- Windows Longhorn screen.scr
- XXX images.exe
For additional information about this threat, see:
Solution
Technical Details
Description created: Feb. 7, 2005 2:09:56 PM GMT -0800
Description updated: Feb. 7, 2005 2:23:36 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
