
W32.Dabora.B@mm
Sunday, 01 January 2006
W32.Dabora.B@mm is a mass-mailing worm that mimics financial Web sites.

Type: Worm
Infection Length: 140,065 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Damage

Payload Trigger: n/a
Payload: The emails contain a URL that will download a copy of the worm if it is visited.
Large scale e-mailing: Sends a large volume of emails using its own SMTP engine.
Deletes files: n/a
Modifies files: n/a
Degrades performance: Creates a mass-mailing of itself, which may clog mail servers or degrade network performance.
Causes system instability: Creates a mass-mailing of itself, which may impact the compromised computer's performance.
Releases confidential info: n/a
Compromises security settings: n/a
Distribution

Subject of email: Varies
Name of attachment: n/a
Size of attachment: n/a
Time stamp of attachment: n/a
Ports: n/a
Shared drives: n/a
Target of infection: n/a


When W32.Dabora.B@mm is executed, it performs the following actions:


Opens the URL www.ocarteiro.com.br/[REMOVED]/cartoes/flash215.swf in a Web browser. This is a harmless Flash file, presumably shown as a decoy so the recipient sees the greeting card the email promised.


Creates the file %System%\spvspool.exe.

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).


Adds the value:

"wnxpupdate" = "%System%\spvspool.exe"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that it runs every time Windows starts.


Gathers email addresses from the Windows Address Book and uses its own SMTP engine to send HTML-based emails to the addresses gathered from the compromised computer. The emails mimic the layout of Brazilian banking and online greeting-card Web sites. Rather than carrying an attachment, the emails contain a URL that will download a copy of the worm if it is visited. The email has the following characteristics:

Subject:
One of the following (Portuguese, with an English gloss in parentheses):
Seu amigo (a) (Your friend)
enviou um websong (sent a websong)
Uma Amigo (a) te mandou um Postal Musical (A friend sent you a Musical Postcard)
Novo usuario Adicionado G.V1240 - (New user Added G.V1240 -)
Novo usuario Adicionado G.V500 - (New user Added G.V500 -)
te enviou uma entrega. (sent you a delivery.)
Voce recebeu uma entrega oCarteiro.COM. (You received a delivery oCarteiro.COM.)
eu te amo muito , mas as pessoas... (I love you very much, but people...)
Porque voce me ignora..porque? (Why do you ignore me..why?)

To delete the value from the registry

Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"wnxpupdate" = "%System%\spvspool.exe"


Exit the Registry Editor.

Note: deleting the value only stops the worm from starting with Windows. The dropped file %System%\spvspool.exe remains on disk until it is deleted, and a copy that is still running keeps mailing until it is stopped or the computer is restarted.
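The following PowerShell script is an added example for checking and cleaning the indicators listed on this page; it is not part of the original writeup or any vendor tool. It assumes an NT-family Windows host where [Environment]::SystemDirectory resolves to %System%, that a running copy of the worm shows up as a process named "spvspool" (inferred from the file name, not stated on the page), and it uses the 140,065-byte Infection Length only as a hint, since a repacked sample may differ in size. Run it from an elevated prompt; without -Remove it only reports.

```powershell
# Added example: detect and optionally remove the W32.Dabora.B@mm
# persistence and dropped file described in the writeup above.
# Assumptions: NT-family Windows (System32 layout), process name "spvspool".
param(
    [switch]$Remove
)

$runKey         = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName      = 'wnxpupdate'                 # Run value named on the page
$dropper        = Join-Path ([Environment]::SystemDirectory) 'spvspool.exe'
$expectedLength = 140065                       # "Infection Length" from the page

$findings = @()

# 1. Persistence: the Run value pointing at the dropped file.
$runValue = (Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($runValue) {
    $findings += "Run value '$valueName' = '$runValue'"
}

# 2. The dropped file in the System folder, with hash and size for the IR record.
if (Test-Path -LiteralPath $dropper) {
    $item   = Get-Item -LiteralPath $dropper
    $sha256 = (Get-FileHash -LiteralPath $dropper -Algorithm SHA256).Hash
    $sizeNote = if ($item.Length -eq $expectedLength) {
        'size matches writeup'
    } else {
        "size $($item.Length) bytes differs from writeup"
    }
    $findings += "File $dropper present ($sizeNote), SHA256 $sha256"
}

# 3. A live copy (assumed process name derived from the file name).
$proc = Get-Process -Name 'spvspool' -ErrorAction SilentlyContinue
if ($proc) {
    $findings += "Process spvspool running (PID $($proc.Id -join ','))"
}

if ($findings.Count -eq 0) {
    Write-Output 'No W32.Dabora.B@mm indicators found.'
    return
}

$findings | ForEach-Object { Write-Output "FOUND: $_" }

if (-not $Remove) {
    Write-Output 'Re-run with -Remove to stop the process and delete the Run value and file.'
    return
}

# Stop the running copy first; otherwise the file delete fails while it is mapped,
# and the worm keeps mailing until the next restart.
if ($proc) {
    $proc | Stop-Process -Force
    Start-Sleep -Seconds 2
}

Remove-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if (Test-Path -LiteralPath $dropper) {
    Remove-Item -LiteralPath $dropper -Force
}
Write-Output 'Removed. Restart the computer and re-run this script to confirm nothing came back.'
```

The script records the SHA256 of the dropped file before deleting it so the sample can be matched against vendor signatures later; a size mismatch is reported rather than treated as proof of a clean file, because repacked variants change the length without changing the behaviour described above.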