Infoweb 2000 di Ribaudo Grazia

14-06-04 - Worm/Zafi.B

Risk: LOW
Alias: Win32.Zafi.B@mm
Type: Internet Worm
Size: 12,800 bytes
Platform: Windows 95/98/ME/NT/2000/XP

Description: Worm/Zafi.B is an Internet worm that spreads through e-mail using its own SMTP engine and addresses it collects from files with certain file extensions on the infected system. It also drops copies of itself in folders containing the words "upload" and "share", which allows the worm to potentially travel over various peer-to-peer (P2P) networks.

The worm might arrive through e-mail in one of the following formats:

From: Jennifer
Subject: Don`t worry, be happy!
Body: Hi Honey!

I`m in hurry, but i still love ya...
(as you can see on the picture)

Bye - Bye: Jennifer

Attachment: www.ecard.com.funny.picture.index.nude.php356.pif

or

From: Herbarium05
Subject: Check this out kid!!!
Body: Send me back bro, when you`ll be done...(if you know what i mean...)

See ya, Herbarium05

Attachment: jennifer the wild girl xxx07.jpg.pif

or

From: Jennifer
Subject: You`ve got 1 VoiceMessage!
Body: Dear Customer!

You`ve got 1 VoiceMessage from voicemessage.com website!
Sender: Jennifer
You can listen your Virtual VoiceMessage at the following link:
http://virt.voicemessage.com/index.listen.php25affv
or by clicking the attached link.

Send VoiceMessage! Try our new virtual VoiceMessage Empire!
Best regards: SNAF.Team (R).

Attachment: link.voicemessage.com.listen.index.php1Ab2c.pif

or

From: PC
Subject: PC
Body: Surprise!

Attachment: Surprise.exe

If executed, the worm copies itself to the \windows\%system% directory under random filenames. The random filenames are 8 characters long and carry a .dll or .exe file extension (e.g. pphwbyo.dll, tbqhhixl.exe). Additionally, the files "Total Commander 7.0 full_install.exe" and "winamp 7.0 full_install.exe" are added to any directory it locates containing the strings "Share" and "upload".

So that it runs each time a user restarts their computer, the following registry entry is added:

- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
_Hqzafibb=C:\Windows\System\.EXE

The registry key:

- HKEY_LOCAL_MACHINE\Software\Microsoft\_Hqzafibb

also gets created.

Worm/Zafi.B copies itself to any .exe file it locates and terminates all applications that have the following strings in their filename: 'firewall' or 'virus'.
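A mail-filter check for the attachment naming pattern shown in the four sample mails above, as an added example that is not part of the original bulletin. The function names, the extension lists and the sample message (built with placeholder content and example.invalid addresses) are assumptions chosen for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions Windows executes directly; the bulletin's samples use .pif and .exe.
EXECUTABLE_EXT = {"pif", "exe", "scr", "com", "bat", "cmd"}
# A document-, picture- or site-like token followed by a further extension.
DECOY = re.compile(r"\.(jpe?g|gif|png|bmp|txt|doc|pdf|html?|php\w*|com)(?=\.)")

def classify_attachment(filename):
    """Return 'disguised-executable', 'executable' or 'ok' for an attachment name."""
    name = filename.strip().lower()
    _stem, dot, ext = name.rpartition(".")
    if not dot or ext not in EXECUTABLE_EXT:
        return "ok"
    # e.g. "photo.jpg.pif": the visible "extension" is not the one Windows acts on
    return "disguised-executable" if DECOY.search(name) else "executable"

def scan_message(raw):
    """Parse a raw message and return (filename, verdict) for every attachment."""
    msg = message_from_string(raw, policy=policy.default)
    names = [part.get_filename() for part in msg.iter_attachments()]
    return [(n, classify_attachment(n)) for n in names if n]

def build_sample(filename):
    """Constructed test mail (placeholder payload) carrying one named attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "constructed sample"
    m.set_content("constructed body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for fn in ("jennifer the wild girl xxx07.jpg.pif", "Surprise.exe", "holiday.jpg"):
        print(scan_message(build_sample(fn)))
```

A gateway would typically quarantine both the "disguised-executable" and "executable" verdicts; the distinction is useful for reporting which mails relied on a misleading name.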
Useful links: http://punto-informatico.it/salvapc/index.asp
http://www.centralcommand.com/virus_descriptions.html




