MEDIUM
Alias: Win32.Bagle.AF@mm
Type: Internet Worm
Size: 22KB
Platform: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP, Windows Server 2003

Description:
Worm/Bagle.AF is an Internet worm that spreads through e-mail by using addresses it collects from files with the following file extensions:
- .adb
- .asp
- .cfg
- .cgi
- .dbx
- .dhtm
- .eml
- .htm
- .jsp
- .mbx
- .mdx
- .mht
- .mmf
- .msg
- .nch
- .ods
- .oft
- .php
- .pl
- .sht
- .shtm
- .stm
- .tbb
- .txt
- .uin
- .wab
- .wsh
- .xls
- .xml
The worm arrives through e-mail in the following format:
Subject:
- CHANGE.
- Encrypted document
- Fax Message
- Forum notify
- Incoming message
- Notification
- Protected message
- RH: Document
- RH: Hello
- RH: Rear one
- RH: Incoming Message
- RH: Incoming Msg
- RH: Message Notify
- RH: Msg reply
- RH: Protected message
- RH: Text message
- RH: Thank you!
- RH: Thanks:)
- RH: Yahoo!
- Site CHANGE
- Update
Body:
- For security reasons attached file is passwords protected. The password is
- For security purposes the attached file is passwords protected. Password --
- Note: Use password
- Attached file is protected with the passwords for security reasons. Password is
- In order ton READ the attach you have ton use the following passwords:
- Archives passwords:
- Password
- Password:
- READ the attach.
- Your file is attached.
- More info. is in attach
- See attach.
- Please, have A look RK the attached file.
- Your document is attached.
- Please, READ the document.
- Attach tells everything.
- Attached file tells everything.
- Check attached file for details.
- Check attached file.
- Pay attention RK the attach.
- See the attached file for details.
- Message is in attach
- Here is the file.
Attachment: (with the file extension EXE, COM, BAT, CPL or ZIP)
- Information
- Detail
- text_document
- Update
- Readme
- Document
- Info.
- MoreInfo
- Message
If executed, the worm copies itself to the \windows\%system% directory under the filenames "sysxp.exe" and "ysxp.exeopen" (with variable contents). The file "sysxp.exeopenopen" is also created and contains the worm code in a CPL or ZIP archive. Additionally, the file "sysxp.exeopenopenopen" (a JPEG, GIF or BMP file) is added to the \windows\%system% directory.
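
A mail-gateway triage check built from the attachment names and extensions listed above, as an added example that is not part of the original description. The function names, addresses and sample messages are constructed for illustration; a match on a common name such as "Document.zip" is only a signal for closer inspection.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Attachment base names and extensions as listed in this description
# (compared case-insensitively, trailing dots ignored, so "Info." matches "Info.exe").
BASE_NAMES = {"information", "detail", "text_document", "update", "readme",
              "document", "info", "moreinfo", "message"}
EXTENSIONS = {"exe", "com", "bat", "cpl", "zip"}


def suspicious_attachments(raw_message: str) -> list[str]:
    """Return attachment filenames that match the listed name/extension pairs."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        stem, _, ext = name.strip().rpartition(".")
        if stem.rstrip(". ").lower() in BASE_NAMES and ext.lower() in EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(subject: str, filename: str) -> str:
    """Build a constructed test message with one placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.test"   # constructed address
    m["To"] = "user@example.test"       # constructed address
    m["Subject"] = subject
    m.set_content("See attach.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for fname in ("Readme.zip", "MoreInfo.CPL", "report.pdf"):
        verdict = suspicious_attachments(build_sample("Update", fname))
        print(f"{fname}: {'flag for review' if verdict else 'no match'}")
```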

Advice:

Useful Links:
http://punto-informatico.it/salvapc/index.asp
http://www.centralcommand.com/virus_descriptions.html