MEDIUM

Alias:

Type: Internet Worm

Size: 25,573 Bytes

Platform: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP, Windows Server 2003

Description:
Worm/Bagle.AI is an Internet worm that spreads through e-mail by using addresses it collects from files with the following file extensions:
- .adb
- .asp
- .cfg
- .cgi
- .dbx
- .dhtm
- .eml
- .htm
- .jsp
- .mbx
- .mdx
- .mht
- .mmf
- .msg
- .nch
- .ods
- .oft
- .php
- .pl
- .sht
- .shtm
- .stm
- .tbb
- .txt
- .uin
- .wab
- .wsh
- .xls
- .xml
It avoids sending emails to addresses containing one of the following strings:
- @avp.
- @foo
- @iana
- @messagelab
- @microsoft
- abuse
- admin
- anyone@
- bsd
- bugs@
- cafee
- certific
- contract@
- feste
- free-av
- f-secur
- gold-certs@
- google
- help@
- icrosoft
- info@
- kasp
- linux
- listserv
- local
- news
- nobody@
- noone@
- noreply
- ntivi
- panda
- pgp
- postmaster@
- rating@
- root@
- samples
- sopho
- spam
- support
- unix
- update
- winrar
- winzip
E-mails sent by the worm have the following characteristics:
Subject:
Re:
Body:
The body is HTML constructed like:
>
Where is one of the following:
- fotogalary and Music
- Predators
- Animals
- foto3
- foto3 and MP3
- fotogalary
- fotoinfo
- Lovely animals
- Screen
- The snake
Attachment:
- New_MP3_Player
- Music_MP3
- Cat
- Dog
- Garry
- Cool_MP3
- MP3
- Doll
- Fish
with one of the following extensions:
- .com
- .cpl
- .exe
- .scr
- .zip
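A mail-gateway check built from the subject, attachment names and extensions listed above, as an added example that is not part of the original description. The function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the description above.
SUBJECT = "Re:"
ATTACHMENT_NAMES = {"new_mp3_player", "music_mp3", "cat", "dog", "garry",
                    "cool_mp3", "mp3", "doll", "fish"}
ATTACHMENT_EXTS = {".com", ".cpl", ".exe", ".scr", ".zip"}


def suspicious_attachments(raw_message: bytes) -> list:
    """Return attachment filenames that match a listed name plus a listed
    extension, but only when the subject is exactly the listed "Re:"."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    if (msg["Subject"] or "").strip() != SUBJECT:
        return []
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # None for body and container parts
        if not filename:
            continue
        stem, dot, ext = filename.strip().rpartition(".")
        if dot and stem.lower() in ATTACHMENT_NAMES \
                and "." + ext.lower() in ATTACHMENT_EXTS:
            hits.append(filename)
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message (hypothetical helper, harmless bytes)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subject, name in [("Re:", "Cool_MP3.scr"), ("Re:", "report.pdf"),
                          ("Quarterly numbers", "Dog.exe")]:
        print(subject, name, suspicious_attachments(build_sample(subject, name)))
```

Matching is case-insensitive on the file name, and a message is flagged only when both the subject and an attachment match, so an ordinary reply with an unrelated attachment is not reported.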
If executed, the worm copies itself to the \windows\%system% directory under the filenames "winxp.exe" and "winxp.exeopen" (with variable contents). The file "winxp.exeopenopen" is also created and contains the worm code in a CPL or a ZIP archive. Additionally, the file "cjestor.exe" is added to the \windows\ directory.

Advice:

Useful Links:
http://punto-informatico.it/salvapc/index.asp
http://www.centralcommand.com/virus_descriptions.html