From: константин
To: Кудинов Игорь
Date: 04.02.2005 13:27:31
Categories: Miscellaneous; Russia-USSR
Achtung! Threat of an epidemic.
I received an email from one of the forum participants.
Subject:
Registration is accepted
An executable is attached to the email:
zupd02.exe
Other forum participants may receive such an email as well.
As far as I know, this is the self-mailing virus WORM_BAGLE.
Do NOT open the email; delete it immediately.
=============================================
Other attached files are possible:
wwsd01.exe
viupd02.exe
siupd02.exe
guupd02.exe
zupd02.exe
upd02.exe
Jol03.exe
And other email subjects:
Delivery service mail
Delivery by mail
Registration is accepted
Is delivered mail
You are made active
Thanks for use of our software.
Before use read the help
=====================================================
Details about the virus and the forms in which it is sent:
Description:
This new WORM_BAGLE variant propagates via email. Upon execution, it drops a copy of itself in the Windows system folder using the following file names:
sysformat.exe
sysformat.exeopen
sysformat.exeopenopen
It looks for folders that have the string shar then drops copies of itself into those folders using the following file names:
1.exe
2.exe
3.exe
4.exe
5.scr
6.exe
7.exe
8.exe
9.exe
10.exe
Ahead Nero 7.exe
Windown Longhorn Beta Leak.exe
Opera 8 New!.exe
XXX hardcore images.exe
WinAmp 6 New!.exe
WinAmp 5 Pro Keygen Crack Update.exe
Adobe Photoshop 9 full.exe
Matrix 3 Revolution English Subtitles.exe
ACDSee 9.exe
The email messages it sends contain the following details:
Subject: (any of the following)
Delivery service mail
Delivery by mail
Registration is accepted
Is delivered mail
You are made active
Thanks for use of our software.
Before use read the help
Message Body: (any of the following)
Delivery service mail
Delivery by mail
Registration is accepted
Is delivered mail
You are made active
Thanks for use of our software.
Before use read the help
Attachment: (any of the following)
wsd01.exe
viupd02.exe
siupd02.exe
guupd02.exe
zupd02.exe
upd02.exe
Jol03.exe
Users are advised to ignore and delete email messages that contain the aforementioned information.
Taken from:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AY
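
A mail-filter style check built from the subjects and attachment names listed in the post, as an added example that is not part of the original post or of the quoted Trend Micro description. The function names, verdict labels and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the post above (wsd01.exe and wwsd01.exe both appear there).
SUBJECTS = {s.lower() for s in (
    "Delivery service mail", "Delivery by mail", "Registration is accepted",
    "Is delivered mail", "You are made active",
    "Thanks for use of our software.", "Before use read the help")}
ATTACHMENTS = {"wsd01.exe", "wwsd01.exe", "viupd02.exe", "siupd02.exe",
               "guupd02.exe", "zupd02.exe", "upd02.exe", "jol03.exe"}
EXECUTABLE_EXT = (".exe", ".scr")  # the extensions that appear in the description


def check_message(raw: bytes) -> dict:
    """Classify one raw RFC 5322 message against the indicators above."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words in the Subject header.
    subject = str(msg.get("Subject", "")).strip().lower()
    # Walk every MIME part so nested attachments are seen too.
    names = [(part.get_filename() or "").strip().lower() for part in msg.walk()]
    listed = sorted(n for n in names if n in ATTACHMENTS)
    executables = sorted(n for n in names if n.endswith(EXECUTABLE_EXT))
    subject_hit = subject in SUBJECTS
    if listed or (subject_hit and executables):
        verdict = "quarantine"   # known name, or known subject + any executable
    elif subject_hit:
        verdict = "review"       # subject alone is too generic to block on
    else:
        verdict = "pass"
    return {"verdict": verdict, "subject_hit": subject_hit,
            "listed": listed, "executables": executables}


def build_sample(subject, filename=None) -> bytes:
    """Constructed test message; the attachment body is harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", subject
    msg.set_content(subject)
    if filename:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for subj, name in [("Registration is accepted", "zupd02.exe"),
                       ("Registration is accepted", None), ("Photos", "ZUPD02.EXE"),
                       ("You are made active", "new01.scr"), ("Lunch?", "menu.pdf")]:
        print(subj, name, check_message(build_sample(subj, name))["verdict"])
```

Attachment names and subjects change between worm variants, so a match list like this complements antivirus scanning of the attachment rather than replacing it.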