==============================================
VBS/Hard.A.Worm Outlook Express e-mail worm
==============================================

VBS/Hard.A.Worm

Hard.A is a worm that spreads via e-mail using Microsoft Outlook Express. It arrives in a message with the Subject line:

"FW: Symantec Anti-Virus Warning"

The entire message body reads:

----- Original Message -----
From: <warning@symantec.com>
To: <supervisor@av.net>;
<security@softtools.com>;
<mark_fyston@storess.net>;
<directorcut@ufp.com>;
<pjeterov@goldenhit.org>;
<kim_di_yung@freeland.ch>;
<james.heart@macrosoft.com>
Subject: FW: Symantec Anti-Virus Warning

Hello,
There is a new worm on the Net.
This worm is very fast-spreading and very dangerous!
Symantec has first noticed it on April 04, 2001.
The attached file is a description of the worm and how it replicates itself.

With regards,
F. Jones
Symantec senior developer

When the attachment is executed, the worm copies itself to the file:

"c:\www.symantec.com.vbs"

It then creates and displays an HTML page which is supposed to look like an official worm warning from Symantec. This file is called:

c:\www.symantec.com.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}

Next, Hard.A creates and executes the batch file:

c:\switch.bat

As a result, the file "c:\www.symantec.com.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" is copied to the file "c:\www.symantec.com.hta".

Then the worm creates yet another file, "c:\www.symantec_send.vbs"; this program is responsible for mailing the worm out via Microsoft Outlook Express.

The last new file created by the worm is "c:\message.vbs"; on November 24th, this program displays a message:

"Don't look surprised!

It is only a warning about your stupidity
Take care!"

Finally, Hard.A modifies the registry, making sure that the worm will be executed at the next reboot and that the starting page for Internet Explorer is the local HTML file created by the worm earlier (the fake Symantec warning).
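
A triage check built from the file names and the subject line listed above, as an added example that is not part of the original write-up. The function names, the verdict labels and the choice to treat switch.bat and message.vbs as too generic to count on their own are assumptions of this example; the registry changes are not checked because the write-up does not name the keys.

```python
import os
import sys

# File names the write-up lists in the root of C:, with the role it gives each.
HARD_A_FILES = {
    "www.symantec.com.vbs": "copy of the worm",
    "www.symantec.com.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}": "fake warning page",
    "switch.bat": "batch file that produces the .hta copy",
    "www.symantec.com.hta": "fake warning page, .hta copy",
    "www.symantec_send.vbs": "Outlook Express mailer",
    "message.vbs": "November 24th message",
}
# Assumption of this example: these two names are common enough that they
# should not count as a detection on their own.
GENERIC_NAMES = {"switch.bat", "message.vbs"}
HARD_A_SUBJECT = "FW: Symantec Anti-Virus Warning"
_BY_LOWER = {name.lower(): name for name in HARD_A_FILES}


def find_artifacts(root):
    """Return {listed name: role} for Hard.A files found directly in root.

    Matching ignores case, as Windows file systems do.
    """
    found = {}
    for entry in os.listdir(root):
        name = _BY_LOWER.get(entry.lower())
        if name and os.path.isfile(os.path.join(root, entry)):
            found[name] = HARD_A_FILES[name]
    return found


def triage(root):
    """Classify a volume root: clean, generic-only, partial or full."""
    found = set(find_artifacts(root))
    if not found:
        return "clean"
    if found <= GENERIC_NAMES:
        return "generic-only"
    return "full" if len(found) == len(HARD_A_FILES) else "partial"


def is_lure_subject(subject):
    """True if a mail subject equals the worm's subject line, ignoring case."""
    return subject.strip().lower() == HARD_A_SUBJECT.lower()


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else ("C:\\" if os.name == "nt" else ".")
    for name, role in sorted(find_artifacts(root).items()):
        print(f"{name}: {role}")
    print("verdict:", triage(root))
```

A "partial" verdict means at least one of the www.symantec-named files is present; a "generic-only" verdict should be confirmed by inspecting the file contents before treating the host as infected.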