Dear all,
Please take care your incoming email if the email with subject, message body and/or attachment file like description as below ( red bold text), please do not open the email and/or attachment! and please delete the email message! it is to dangerous to our computer network if the virus revealed to your computer and the network!.
This virus activated about two days ago and has been infected many computer on the world.
The description below paste from trendmicro.com
|
| ||||||||||||||||||||||||||||||||||||||
| Infection Channel 1 : Propagates via email |
| Infection Channel 2 : Propagates via network shares |
Description:
This worm propagates by attaching copies of itself to email messages that it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine. It can then send email messages without using mailing applications, such as Microsoft Outlook.
The email message it sends out has the following details:
Subject: (any of the following)
• *Hot Movie*
• A Great Video
• Arab sex DSC-00465.jpg
• eBook.pdf
• Fw: DSC-00465.jpg
• Fw: Funny :)
• Fw: Picturs
• Fw: Real show
• Fw: SeX.mpg
• Fw: Sexy
• Fwd: Crazy illegal Sex!
• Fwd: image.jpg
• Fwd: Photo
• give me a kiss
• Miss Lebanon 2006
• My photos
• Part 1 of 6 Video clipe
• Photos
• School girl fantasies gone bad
Message body: (any of the following)
• >> forwarded message
• forwarded message attached.
• Fuckin Kama Sutra pics
• hello,
• Helloi attached the details.
• Hot XXX Yahoo Groups
• how are you?
• i just any one see my photos.
• i send the details.
• i send the file.
• It's Free :)
• Note: forwarded message attached. You Must View This Videoclip!
• Please see the file.
• Re: Sex Video
• ready to be FUCKED ;)
• Thank you
• The Best Videoclip Ever
• the file i send the details
• VIDEOS! FREE! (US$ 0,00)
• What?
Attachment: (any of the following)
• 007.pif
• 392315089702606E-02,.scR
• 677.pif
• Adults_9,zip.sCR
• ATT01.zip.sCR
• Attachments[001],B64.sCr
• Clipe,zip.sCr
• document.pif
• DSC-00465.Pif
• DSC-00465.pIf
• eBook.PIF
• image04.pif
• New Video,zip
• New_Document_file.pif
• photo.pif
• Photos,zip.sCR
• School.pif
• SeX,zip.scR
• Sex.mim
• Video_part.mim
• WinZip,zip.scR
• WinZip.BHX
• WinZip.zip.sCR
• Word XP.zip.sCR
• Word.zip.sCR
It gathers email addresses from files with certain extensions, such as DOC, PSD, RAR, and ZIP.
It also propagates through network shares. It does the said routine by searching the network for ADMIN$ and C$ shares, where it drops a copy of itself using the file name WINZIP_TMP.EXE.
Upon execution, it drops and opens a .ZIP archive named SAMPLE.ZIP in the Windows system folder.
Moreover, this worm deletes autostart registry entries, as well as associated files of several programs, most of which are related to security and antivirus applications. The said routines may cause referenced programs to malfunction, effectively making the affected system more vulnerable to further attacks.
In addition, it is capable of disabling the mouse and keyboard of an affected system.
--
~:ngadék sacékna, nilas saplasna:~
deha.wordpress.com
borondongjagong.blogspot.com
| Colleges and universities | School education | College and university in tennessee |
| College and university search | Fun |
YAHOO! GROUPS LINKS
- Visit your group "stk-cihuy" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
