
01-09-04 - TR/Bagle.AK

Risk level: Low
  Alias: W32/Bagle.dll.dr, Download.Ject.C
  Type: Trojan Downloader
  Size: 12,800 bytes
  Platform: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP, Windows Server 2003

  Description: TR/Bagle.AL is a trojan downloader that has been sent out by email in an attempt to get it executed. If executed, the exe file downloads the worm component from various web pages. Only the worm component is able to send out emails. At the time of writing, the file was unavailable on the web pages from which the worm tries to download it.

The email sent out has the following characteristics:

Subject: foto
Body: foto
Attachment: foto.zip

The zip file contains poto.html and calc.exe. If the HTML file is opened, the exe file gets executed. The trojan will copy itself into the System directory under the filename "doriot.exe". It will also create the file "gdqfw.exe" (9,728 bytes) in the System directory.

In order to get executed each time Windows is restarted, the following registry keys are added:

- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"wersds.exe"="C:\\WINDOWS\\System32\\doriot.exe"

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"wersds.exe"="C:\\WINDOWS\\System32\\doriot.exe"


The following processes are disabled:

ATUPDATER.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVPUPD.EXE
AVWUPD32.EXE
AVXQUAR.EXE
CFIAUDIT.EXE
DRWEBUPW.EXE
ESCANH95.EXE
ESCANHNT.EXE
FIREWALL.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
LUALL.EXE
MCUPDATE.EXE
NUPGRADE.EXE
OUTPOST.EXE
UPDATE.EXE
UPGRADER.EXE
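
An added example, not part of the original bulletin: a Python check that parses the text of a `reg export` dump and reports Run entries matching the value name and file names given earlier in this description. The sample export is constructed, and the function and variable names are assumptions made for the illustration.

```python
import re

# Indicators taken from the bulletin: the Run value name and the two
# files the trojan places in the System directory.
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
BAD_VALUE_NAMES = {"wersds.exe"}
BAD_FILE_NAMES = {"doriot.exe", "gdqfw.exe"}

# One string value line of a .reg export: "name"="data"
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports escape backslashes and quotes with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def scan_reg_export(text):
    """Return (key, value_name, data) for Run entries matching the indicators.

    `text` is the already decoded export (regedit writes UTF-16 files).
    """
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # start of a new key section
            continue
        m = ENTRY.match(line)
        if not m or key is None or not key.lower().endswith(RUN_KEY_SUFFIX):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        # Every .exe file name in the command line, whatever its directory
        exes = set(re.findall(r'[^\\/"\s]+\.exe', data.lower()))
        if name.lower() in BAD_VALUE_NAMES or exes & BAD_FILE_NAMES:
            hits.append((key, name, data))
    return hits

# Constructed sample export (not captured from a real system)
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"wersds.exe"="C:\\WINDOWS\\System32\\doriot.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Example\\updater.exe\" /min"
"wersds.exe"="C:\\WINDOWS\\System32\\doriot.exe"
'''

if __name__ == "__main__":
    for hit in scan_reg_export(SAMPLE):
        print(hit)
```

Matching on the file name as well as the value name still catches the entry if the value is renamed but keeps pointing at doriot.exe.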

The trojan tries to download a file from the following websites:

  Advice:

  Useful links: http://punto-informatico.it/salvapc/index.asp
    http://www.centralcommand.com/virus_descriptions.html





INFOWEB 2000, Via XXIV Maggio 10, 20030 Bovisio Masciago (MI)
Tel. 0362.593888, Fax 0362.571270, info@infoweb2000.com