VIRUS INFO ARCHIVES - PAGE 6
From July 2001 until September, 2001

Includes Info on:

- "W32/Nimda@MM"
- "W32/SirCam@mm"

  This page will include any virus information that I acquire and feel warrants passing on. Please check this page occasionally, as I will be trying to add more to it as time goes by.

 

Please also check out these sites. There is a wealth of knowledge and information on each of them. And get yourself an anti-virus program! You can just click on the links and they will come up in a new browser. These sites carry information on both real viruses and hoax viruses, and those that sell an anti-virus program usually make it available through a link to their main page.

 

"Norton Anti-Virus Programs"
or it is at: http://www.symantec.com/avcenter/hoax.html

"CIAC"
or the page is at: http://www.ciac.org/ciac/CIACHoaxes.html

Another reliable one is: "MYTHS"
or it is at: http://www.kumite.com/myths/

Another very good and well known one: "DATAFELLOWS"
or it is at: http://www.datafellows.com/news/hoax/

And last but not least.. Dr. Solomon's (another well known one) at: "DR. SOLOMON'S"
or it is at: http://www.drsolomon.com/vircen/index.cfm

HACKERS INFORMATION
http://antionline.com/fight-back/
"HACKERS INFORMATION" Everyone should check this site out!

******************************************************


"W32/Nimda@MM" Sept 2001

is a High Risk virus

This is a HIGH RISK virus that can infect all unprotected home users and business users of Win9x/NT/2000/ME.

W32/Nimda@MM spreads via email, via shared drives, folders or files, and via infected HTM/L (Web) pages. In addition, it will look for IIS servers to infect via the Microsoft Web Folder Transversal vulnerability (also used by W32/CodeBlue).

It is possible to activate the virus by viewing an infected email message within the Microsoft Outlook Preview Pane.

The email attachment name varies and may use the icon for an Internet Explorer HTML document.

Payload - What can this virus do?

Its main goal is simply to spread over the Internet and Intranet, infecting as many users as possible and creating so much traffic that networks are virtually unusable. It may also take up a large amount of space on your hard drive.

It will attempt to spread itself as follows:
The email messages created by the worm contain an attachment that can be executed even if the user does not open it and without the user's knowledge.

It infects HTML documents. When the infected documents are accessed (locally or remotely), the machine viewing the page is infected.

When the virus finds an open share, it copies itself to each folder on the drive in .EML format. This can include the START UP folder.

The worm scans IP addresses looking for IIS servers to infect via the Web Folder Transversal vulnerability.

It tries to use the backdoor created by W32/CodeRed.c to infect.

It adds worm code to .EXE files.

Email addresses are gathered by extracting them from MAPI messages in Microsoft Outlook and Microsoft Outlook Express, as well as from HTM and HTML documents. Once infected, your system is used to seek out others to infect over the web. As this creates a lot of port scanning, it can cause a network traffic jam.

See http://www.mcafee.com/anti-virus/viruses/nimda/default.asp?cid=2444 for detection and removal instructions for this virus.

****************************************************

"W32/SirCam@mm (Sir Cam Virus) July 2001"

McAfee.com has seen a large and growing number of consumer computers infected with W32/SirCam@MM. This is a HIGH RISK VIRUS FOR CONSUMERS. The infected email can come from addresses that you recognize. Attached is a file with two different extensions. The file name itself varies.

The email message can appear as follows:

Subject: [filename (random)]
Body: [content varies]

---ENGLISH VERSION---

Hi! How are you?

I send you this file in order to have your advice or I hope you can help me with this file that I send or I hope you like the file that I sendo you or This is the file with the information that you ask for

See you later. Thanks

---SPANISH VERSION---

Hola como estas ?

Te mando este archivo para que me des tu punto de vista or Espero me puedas ayudar con el archivo que te mando or Espero te guste este archivo que te mando or Este es el archivo con la información que me pediste

Nos vemos pronto, gracias.

The virus searches for .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, .PS, and .ZIP files in the MY DOCUMENTS folder and attempts to send copies of these documents to email recipients found in the Windows Address Book and addresses found in cached files.

If you have McAfee and are a Retail VirusScan user (purchased the box product from a store): Version 4.0.70 and above with DAT file 4148 will detect and remove this virus.
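
The traits described above (the fixed greeting and closing lines, an attachment with two extensions, a subject taken from the file name) can be checked mechanically on incoming mail. The Python below is an added example, not part of the original page or of any McAfee tool; the function names, the sample message, and the reading of "Subject: [filename]" as "subject equals the attachment's base name" are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Greeting/closing pairs quoted on this page (English and Spanish versions).
MARKERS = [
    ("hi! how are you?", "see you later. thanks"),
    ("hola como estas ?", "nos vemos pronto, gracias."),
]

def split_double_ext(filename):
    """Return (stem, ext1, ext2) if the name ends in two short extensions."""
    parts = filename.rsplit(".", 2)
    if len(parts) == 3 and parts[0] and all(
            p.isalnum() and len(p) <= 4 for p in parts[1:]):
        return parts[0], parts[1].lower(), parts[2].lower()
    return None

def sircam_indicators(raw_message):
    """List which of the traits described on this page one message shows."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    part = msg.get_body(preferencelist=("plain",))
    body = " ".join(part.get_content().split()).lower() if part else ""
    if any(body.startswith(g) and body.endswith(c) for g, c in MARKERS):
        hits.append("body-template")
    subject = (msg["Subject"] or "").strip().lower()
    for att in msg.iter_attachments():
        split = split_double_ext(att.get_filename() or "")
        if split:
            hits.append("double-extension")
            # Assumption: "Subject: [filename]" means subject == name stem.
            if subject == split[0].lower():
                hits.append("subject-matches-filename")
    return hits

def build_sample(subject, body, filename):
    """Constructed test message; addresses and attachment bytes are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    text = ("Hi! How are you?\n\nI send you this file in order to have "
            "your advice\n\nSee you later. Thanks\n")
    print(sircam_indicators(build_sample("Budget", text, "Budget.zip.pif")))
```

A message that shows all three traits is a strong candidate for quarantine; a double extension alone also appears in legitimate file names, so treat it as a weaker signal.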

 ***********************************************


© vjr All Rights reserved.