MEDIUM
Alias: W32/MyDoom.O@mm
Type: Internet Worm
Size: 28,832 Bytes
Platform: Microsoft Windows 9x/ME/NT/2000/XP

Description:
Worm/MyDoom.M is a memory resident Internet worm that spreads through e-mail by using addresses it locates in files with certain extensions.
The worm arrives through e-mail in the following format:
Subject:
- Returned mail: see transcript for details
- Returned mail: Data format error
- sfupmpndzmivdnog
- Mail System Error - Returned Mail
- Delivery reports about your e-mail
- MESSAGE COULD NOT BE DELIVERED
- test
- Message could not be delivered
Body:
- This message was not delivered due to the following reason:
- The original message was included as attachment
- The original message was received at Mon, 26 Jul 2004 17:00:31 -0700
- Dear user alex0612@testvir.de, administration of testvir.de would like to inform you that,
Attachment:
- game@zone.com.zip
- now@zone.com
- privacy@180solutions.com.zip
- text
- attachment
- mail
- document
- instruction
- message
- letter
- file
- readme
- transcript
** These file names carry one of the following file extensions: .cmd, .pif, .zip, .com, .exe, .bat
If executed, the worm copies itself to the \windows\ directory under the filename "java.exe". The following files are also added:
- C:\Documents and Settings\Makrorechner\Local Settings\Temp\zincite.log
- C:\Documents and Settings\Makrorechner\Local Settings\Temp\bseobf.log
- C:\WINDOWS\services.exe
To run each time the computer is restarted, the worm adds the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"JavaVM"="C:\\WINDOWS\\java.exe"
"Services"="C:\\WINDOWS\\services.exe"
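
A check for the two autorun entries listed above, run against a registry export. This is an added example, not part of the original description. The function names, the sample export and its `Updater` entry are constructed, and the input is assumed to be a `.reg` export already decoded to text.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Value name -> data, as listed in the description above (compared case-insensitively).
INDICATORS = {
    "javavm": r"C:\WINDOWS\java.exe",
    "services": r"C:\WINDOWS\services.exe",
}
# "name"="data" line of a .reg export; both sides may contain \\ and \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def normalize(path):
    # Registry data may be wrapped in quotes or differ in case.
    return path.strip().strip('"').lower()

def find_mydoom_run_values(reg_text):
    """Return (name, data) pairs under the HKLM Run key that match the indicators."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # start of a new key section
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() != RUN_KEY.lower():
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        expected = INDICATORS.get(name.lower())
        # Require both the value name and its data to match, not the name alone.
        if expected and normalize(data) == expected.lower():
            hits.append((name, data))
    return hits

# Constructed sample export: two matching values, one benign value, and a
# same-named value under an unrelated key that must not be reported.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaVM"="C:\\WINDOWS\\java.exe"
"Services"="c:\\windows\\services.exe"
"Updater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_CURRENT_USER\Software\Example]
"JavaVM"="C:\\WINDOWS\\java.exe"
'''
```

On NT-based Windows the genuine services.exe lives in the system32 directory, so a `Services` entry is reported only when its data points at the copy directly under C:\WINDOWS.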

Advice:

Useful links:
http://punto-informatico.it/salvapc/index.asp
http://www.centralcommand.com/virus_descriptions.html