VIRUS INFO
| Virus name: | I.Worm.Avril.B |
| Alias: | W32.Lirva B@mm, I-Worm.Avron, W32/Avril.gen@MM, W32/Lirva@MM, Worm/Naith.B, Otto Von Gutenberg |
| Type: | worm |
| Propagation method: | by e-mail when the received attachment is run, ICQ and mIRC |
| Size: | 111 616 bytes, or 34 815 bytes if compressed |
| Destructive: | no |
| Activation date: | immediately, and on the 7th, 11th and 24th of the month |
| Discovered: | 9.01.2003. |
EXPLANATION
This is another variant of the Worm.Avril.A worm.
It arrives as an e-mail in HTML format with the following characteristics:
The subject line may be one of the following:
Fw: Redirection error notification
Re: Brigada Ocho Free membership
Re: According to Purge's Statement
Fw: Avril Lavigne - CHART ATTACK!
Re: Reply on account for IIS-Security Breach (TFTP)
Re: ACTR/ACCELS Transcriptions
Re: IREX admits you to take in FSAU 2003
Fwd: Re: Have U requested Avril Lavigne bio?
Re: Reply on account for IFRAME-Security breach
Fwd: Re: Reply on account for Incorrect MIME-header
Re: Vote seniors masters - don't miss it!
Fwd: RFC-0245 Specification requested...
Fwd: RFC-0841 Specification requested...
Fw: F. M. Dostoyevsky "Crime and Punishment"
Re: Junior Achievement
Re: Ha perduto qualque cosa signora?
Message body:
1.
AVRIL LAVIGNE - THE CHART ATTACK!
Vote fo4r Complicated!
Vote fo4r Sk8er Boi!
Vote fo4r I'm with you!
Chart attack active list:
2.
Restricted area response team (RART)
Attachment you sent to is intended to overwrite start address at 0000:HH4F
To prevent from the further buffer overflow attacks apply the MSO-patch
3.
Network Associates weekly report:
Microsoft has identified a security vulnerability in Microsoft® IIS 4.0 and 5.0 that is eliminated by a previously-released patch.
Customers who have applied that patch are already protected against the vulnerability and do not need to take additional action.
Microsoft strongly urges all customers using IIS 4.0 and 5.0 who have not already done so to apply the patch immediately.
Patch is also provided to subscribed list of Microsoft® Tech Support:
4.
AVRIL LAVIGNE - THE BEST
Avril Lavigne's popularity increases:>
SO: First, Vote on TRL for I'm With U!
Next, Update your pics database!
Chart attack active list .>.>
The attachment may be one of the following files:
ADialer.exe
ALavigne.exe
AvrilLavigne.exe
AvrilSmiles.exe
BioData.exe
CERT-Vuln-Info.exe
Cogito_Ergo_Sum.exe
Complicated.exe
EntradoDePer.exe
IAmWiThYoU.exe
MSO-Patch-0035.exe
MSO-Patch-0071.exe
Phantom.exe
Readme.exe
Resume.exe
SiamoDiTe.exe
Sk8erBoi.exe
Sophos.exe
Transcripts.exe
TrickerTape.exe
Two-Up-Secretly.exe
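A mail-gateway check built from the attachment names and subject lines listed above, as an added example that is not part of the original description. The function name, the verdict labels, the chosen subset of subject fragments and the sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy

# Attachment names from the list above, compared case-insensitively.
AVRIL_ATTACHMENTS = {n.lower() for n in """
ADialer.exe ALavigne.exe AvrilLavigne.exe AvrilSmiles.exe BioData.exe
CERT-Vuln-Info.exe Cogito_Ergo_Sum.exe Complicated.exe EntradoDePer.exe
IAmWiThYoU.exe MSO-Patch-0035.exe MSO-Patch-0071.exe Phantom.exe Readme.exe
Resume.exe SiamoDiTe.exe Sk8erBoi.exe Sophos.exe Transcripts.exe
TrickerTape.exe Two-Up-Secretly.exe""".split()}
# Distinctive fragments of the subjects listed above (subset chosen for this example).
SUBJECT_FRAGMENTS = ("avril lavigne", "brigada ocho", "purge's statement",
                     "iis-security", "iframe-security", "incorrect mime-header",
                     "rfc-0245", "rfc-0841", "redirection error notification")

def classify(raw: bytes) -> str:
    """Return 'match', 'review' or 'clean' for one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)  # decodes RFC 2047 words
    subject = re.sub(r"\s+", " ", str(msg["Subject"] or "")).lower()
    names, html = [], False
    for part in msg.walk():
        html = html or part.get_content_type() == "text/html"
        fname = part.get_filename()
        if fname:  # keep the base name only, ignore case and trailing dots/spaces
            names.append(re.split(r"[\\/]", fname)[-1].strip(" .").lower())
    if not any(n in AVRIL_ATTACHMENTS for n in names):
        return "clean"
    # A listed name alone (e.g. Readme.exe) is weak; require the other two traits.
    if html and any(f in subject for f in SUBJECT_FRAGMENTS):
        return "match"
    return "review"

# Constructed sample message; the attachment is placeholder text, not malware.
SAMPLE = b"""\
From: sender@example.test
Subject: =?utf-8?q?Fw=3A_Avril_Lavigne_-_CHART_ATTACK!?=
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body>Chart attack active list:</body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="SK8ERBOI.EXE"

placeholder
--b1--
"""
print(classify(SAMPLE))  # match
```

A "review" verdict means a listed attachment name appeared without the HTML body or a listed subject, which a gateway that already blocks executable attachments would stop regardless.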
The following text can be found in the worm's code itself:
2002 (c) Otto von Gutenberg
Made in .::]|KaZAkHstaN|[::.
As stated before, purpose is only educational, however...
I'm back to the scene with one more gift |Avril-II|
(remember 'A' version of Avril-II)
HINT:NB: NEVER ACCEPT GIFTS FROM THE STRANGER
Avril-II is commonly dangerous because of its over-trojaned issues
~Greetz to Brigada Ocho (http://vx.netlux.org/~b8),
Darkside Project(http://darkside.dtn.ru)
and Weisses Fleisch Project (http://wf.h1.ru)
~Greetz to Rocco (http://primatelost.net)
Many thankx to my muse Avril Lavigne whose beauty causes work to flow rapidly
New features included: ICQ/IrC/ShaReD (urgently persuade to check it instantly)
BackOrifice-server dropper included
P.S.> How is my work?
Cheerz, Otto (www.otto-koden.h1.ru)
For further details, see the description of Worm.Avril.A.
SOLUTION
Download the cleaner.
Always keep your antivirus program up to date.