
WORM_REATLE.D
Wednesday, 03 August 2005
Malware type: Worm
Aliases: No Alias Found
In the wild: Yes
Destructive: No
Language: English
Platform: Windows 98, ME, NT, 2000, XP
Encrypted: No
Characteristics: Propagates via email, Propagates via software vulnerabilities
Description:

This worm propagates via email. It sends copies of itself as attachments to email messages that it generates with its own Simple Mail Transfer Protocol (SMTP) engine, so it does not depend on, and leaves no trace in, the mail client installed on the affected machine.

The email message that this worm sends out contains the following details:

From: (spoofed; any combination of the following names and domains, so the sender address is not a reliable indicator of origin)

Names:
• admin
• brian
• james
• kevin
• robert
• sales
• smith
• support

Domains:
• @aol.com
• @ca.com
• @f-secure.com
• @kaspersky.com
• @mail.com
• @mastercard.com
• @matrix.com
• @mcafee.com
• @microsoft.com
• @msn.com
• @nai.com
• @paypal.com
• @sarc.com
• @security.com
• @securityfocus.com
• @sophos.com
• @symantec.com
• @trendmicro.com
• @visa.com
• @yahoo.com

Subject: (any of the following)
• Accounts department
• Document
• Encrypted document
• Fax Message
• Fw: Document
• Fw: Informartion
• Fw: Message
• Fw: Warning
• Good
• HaHa
• Hello!
• Hey!
• Hi!
• Hi! :-)
• Message
• My photos
• Notification
• Price
• Protected message
• Re: Document
• Re: Good!
• Re: Hello
• Re: Hi
• Re: Text message
• Re: Thanks
• Re: Warning
• Re: Well!
• Re: Your file
• Thank you!
• Thanks!
• The Account
• Thx
• Warning
• Well..
• Your Account
• Your file!!

Message Body: (any of the following)
• :)
• :P
• Attach tells everything.
• Attached file tells everything.
• Bye
• Bye :)
• Check attached file for details.
• Check attached file.
• Cya
• Empty
• Here take your credit card information
• Looking forward for a response.
• Message is in attach.
• Pay attention at the attach.
• Read the attach.
• Your account has been blocked for more
• your file!!

Attachment: (any combination of the following file names and extensions)
File names:
• Details
• Document
• Info
• Message
• MoreInfo
• Readme
• text_document
• Updates

Extensions:
• .BAT
• .CMD
• .CPL
• .EXE
• .PIF
• .SCR
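As an added example (not part of the original write-up and not Trend Micro's tooling), the following Python filter checks an inbound message against the sender, subject and attachment indicators listed above. The indicator lists are copied from the description; the messages it builds for the demo are constructed, not captured worm samples, and the verdict thresholds are the author's own choice.

```python
"""Flag inbound mail that matches the WORM_REATLE.D lure described above.

Added example, not Trend Micro's code. Indicator lists come from the write-up;
the sample messages built by build_sample() are constructed for the demo.
"""
import email
import email.utils
from email import policy
from email.message import EmailMessage

# Sender local parts and domains the worm combines into a spoofed From: header.
SPOOFED_LOCALPARTS = {"admin", "brian", "james", "kevin", "robert",
                      "sales", "smith", "support"}
SPOOFED_DOMAINS = {
    "aol.com", "ca.com", "f-secure.com", "kaspersky.com", "mail.com",
    "mastercard.com", "matrix.com", "mcafee.com", "microsoft.com", "msn.com",
    "nai.com", "paypal.com", "sarc.com", "security.com", "securityfocus.com",
    "sophos.com", "symantec.com", "trendmicro.com", "visa.com", "yahoo.com",
}
LURE_SUBJECTS = {s.lower() for s in (
    "Accounts department", "Document", "Encrypted document", "Fax Message",
    "Fw: Document", "Fw: Informartion", "Fw: Message", "Fw: Warning", "Good",
    "HaHa", "Hello!", "Hey!", "Hi!", "Hi! :-)", "Message", "My photos",
    "Notification", "Price", "Protected message", "Re: Document", "Re: Good!",
    "Re: Hello", "Re: Hi", "Re: Text message", "Re: Thanks", "Re: Warning",
    "Re: Well!", "Re: Your file", "Thank you!", "Thanks!", "The Account", "Thx",
    "Warning", "Well..", "Your Account", "Your file!!",
)}
ATTACHMENT_NAMES = {"details", "document", "info", "message", "moreinfo",
                    "readme", "text_document", "updates"}
EXEC_EXTENSIONS = {".bat", ".cmd", ".cpl", ".exe", ".pif", ".scr"}


def reatle_indicators(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and return {"verdict": ..., "hits": [...]}.

    verdict is "block" for an executable attachment plus at least one other
    indicator, "suspicious" for any single indicator, else "clean".
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []

    _, addr = email.utils.parseaddr(str(msg.get("From", "")))
    local, _, domain = addr.rpartition("@")
    if local.lower() in SPOOFED_LOCALPARTS and domain.lower() in SPOOFED_DOMAINS:
        hits.append(f"spoofed sender {addr}")

    subject = str(msg.get("Subject", "")).strip()
    if subject.lower() in LURE_SUBJECTS:
        hits.append(f"lure subject {subject!r}")

    executable = False
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem, dot, ext = name.rpartition(".")
        if dot and ("." + ext.lower()) in EXEC_EXTENSIONS:
            executable = True
            kind = "lure" if stem.lower() in ATTACHMENT_NAMES else "executable"
            hits.append(f"{kind} attachment {name}")

    if executable and len(hits) > 1:
        verdict = "block"
    elif hits:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "hits": hits}


def build_sample(sender: str, subject: str, attachment: str = None) -> bytes:
    """Constructed demo message (not a real capture); attachment is optional."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Check attached file for details.")
    if attachment:
        # A few bytes starting with a PE "MZ" header stand in for the worm body.
        m.add_attachment(b"MZ\x90\x00" + bytes(60), maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


if __name__ == "__main__":
    print(reatle_indicators(build_sample("support@symantec.com",
                                         "Re: Your file", "Document.scr")))
```

The extension check is the part a gateway should enforce unconditionally; the name, subject and sender lists only raise confidence, and they change whenever a variant is re-released, so treat a match on them as corroboration rather than as the detection itself.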

It also propagates across the network by exploiting the Windows LSASS buffer overrun vulnerability, so unpatched machines can be infected without any user action. For more information on this vulnerability and the fix for it, please check the following Microsoft Web page:

Microsoft Security Bulletin MS04-011

This worm listens on TCP ports 3351 and 8190 as a backdoor, through which a remote malicious user can execute commands on the affected machine.

It also modifies the Windows HOSTS file, whose entries take precedence over DNS lookups, so that the user can no longer reach certain Web sites, most of which belong to antivirus and security vendors.
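As an added example (not part of the original write-up), the following Python triage script checks two of the artifacts just described on text copied off a suspect host: the output of `netstat -an`, for sockets on the backdoor ports 3351 and 8190, and the contents of the HOSTS file, for entries overriding security-vendor hostnames. The write-up does not list the blocked sites, so the domain suffix list is an assumption; both sample inputs are constructed, not real captures.

```python
"""Triage checks for the WORM_REATLE.D backdoor ports and HOSTS tampering.

Added example, not Trend Micro's code. It works on text captured from the
suspect host (`netstat -an` output and the HOSTS file), so it runs offline;
SAMPLE_NETSTAT and SAMPLE_HOSTS below are constructed for the demo.
"""

BACKDOOR_PORTS = {3351, 8190}  # from the write-up

# The write-up says the blocked sites are mostly antivirus and security
# related but does not list them; this suffix list is an assumption.
SECURITY_DOMAIN_SUFFIXES = ("symantec.com", "trendmicro.com", "mcafee.com",
                            "sophos.com", "kaspersky.com", "f-secure.com",
                            "sarc.com", "nai.com", "microsoft.com")


def backdoor_sockets(netstat_output: str) -> list:
    """Return (local_port, state, foreign_address) for TCP sockets whose local
    port is a backdoor port. A LISTENING entry means the backdoor is up; an
    ESTABLISHED entry means someone is connected to it right now."""
    found = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # header lines, blank lines, UDP entries
        local, foreign, state = fields[1], fields[2], fields[3]
        try:
            port = int(local.rsplit(":", 1)[1])  # works for IPv4 and [::] forms
        except (IndexError, ValueError):
            continue
        if port in BACKDOOR_PORTS:
            found.append((port, state, foreign))
    return found


def hosts_overrides(hosts_text: str) -> list:
    """Return (hostname, address) for HOSTS entries naming security vendors.

    HOSTS takes precedence over DNS, so any entry for these names, whatever
    address it points at, silently redirects or blackholes the site.
    """
    hits = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            n = name.lower().rstrip(".")
            if any(n == s or n.endswith("." + s) for s in SECURITY_DOMAIN_SUFFIXES):
                hits.append((name, addr))
    return hits


# Constructed sample: Windows `netstat -an` layout with both backdoor ports.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3351           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:8190       10.0.0.9:51234         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Constructed sample: a tampered HOSTS file with one legitimate local entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com securityresponse.symantec.com
127.0.0.1       www.trendmicro.com
127.0.0.1       windowsupdate.microsoft.com
10.1.2.3        intranet.example.invalid   # legitimate local entry
"""


if __name__ == "__main__":
    print("backdoor sockets:", backdoor_sockets(SAMPLE_NETSTAT))
    print("HOSTS overrides:", hosts_overrides(SAMPLE_HOSTS))
```

On a live machine, run `netstat -ano` and `type %SystemRoot%\system32\drivers\etc\hosts` and feed the output to these functions; the `-o` column gives the owning PID of the listener, which is the process to capture before cleaning up. A port that is merely closed is not proof of absence, since the backdoor may not be running until the worm restarts.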

On systems running Windows 98 and ME, this worm can also disable the Windows Task Manager and the Registry Editor, which hinders manual inspection and removal.

In addition, the worm's executable uses the standard Windows folder icon, so that in Explorer it looks like a folder rather than a program and is less likely to be noticed.