From Symantec.com:
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]

[EMAIL PROTECTED]
    Category 2
Discovered on: June 20, 2006
Last Updated on: June 23, 2006 12:41:42 PM

[EMAIL PROTECTED] is a mass-mailing worm that uses its own SMTP engine to
spread. It attempts to lower security settings. The worm may also download
and execute remote files. The worm uses rootkit technology to hide its
processes and files.

Also Known As:     W32/[EMAIL PROTECTED] [McAfee], W32/Bagle-KL [Sophos],
W32/Bagle-KM [Sophos]

Type:     Worm

Systems Affected:     Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows XP

  12. Attempts to send the file %SystemDrive%\temp.zip to the email
addresses that were gathered. The email has the following characteristics:

      From: [RANDOM NAME]
      Subject: [RANDOM NAME]

      Message:

          * archive password: [IMAGE FILE]
          * Password - [IMAGE FILE]
          * Password -- [IMAGE FILE]
          * Password is [IMAGE FILE]
          * Password: [IMAGE FILE]
          * The password is [IMAGE FILE]
          * Use password [IMAGE FILE] to open archive.
          * Zip password: [IMAGE FILE]

            Attachment: [RANDOM NAME].zip - is a password protected zip file
containing a copy of the worm and a clean dll file.

-=------------=================------------=-

Help... about Virus / worm
   Posted by: "AryaSeta" [EMAIL PROTECTED]
   Date: Mon Jun 26, 2006 10:46 pm (PDT)

Dear,

Lately my office email has often been receiving strange emails
whose only content is:

I love you
The password is 35683 (the number 35683 is in the form of a .gif)

To the beloved
Use password 36748 (.gif) to open archive.

etc....

Then there is a single file attachment in .zip form,
and its name is random. It is received over and over; today alone my email
has already received it almost 5 times.
And almost every email account on my office domain is experiencing the
same thing.

Is this a virus or a worm, and which one? And how do I get rid of it?

Thank you.

--
Regards,


-inv- @ http://archives.web.id
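
A mail-gateway triage check for the message shape described above (a password phrase in the body, the password delivered as an image, and a password-protected .zip attachment), added here as an example; it is not part of the original post or of the Symantec write-up. The function names and the sample message are constructed for illustration, and the check relies on the standard ZIP "encrypted" flag (general-purpose bit 0).

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Body phrases listed in the advisory; the password itself is sent as an image.
PASSWORD_HINT = re.compile(r"password\s*(?:--?|:|is\b)|use password\b", re.I)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def looks_like_password_zip_lure(raw: bytes) -> bool:
    """Heuristic: encrypted .zip + image part + password phrase in the body."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    has_image = has_enc_zip = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if part.get_content_maintype() == "image":
            has_image = True
        elif name.endswith(".zip"):
            has_enc_zip |= zip_is_encrypted(part.get_payload(decode=True) or b"")
    return has_enc_zip and has_image and bool(PASSWORD_HINT.search(text))

def build_sample(encrypted: bool) -> bytes:
    """Constructed test message; the ZIP holds harmless text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the central directory header only
        data[data.index(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.test", "b@example.test", "hi"
    msg.set_content("Use password to open archive.")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="pw.gif")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="doc.zip")
    return msg.as_bytes()
```

A hit is a reason to quarantine the message for review, since a scanner cannot inspect the contents of an encrypted archive.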