PureBytes Links
Trading Reference Links
|
Greetings, realtraders@xxxxxxxxxxxxxxx
I thought you would be interested in knowing about this computer Virus...
Name: W32/Badtrans@xx
Characteristics:
This mass mailing worm attempts to send itself using Microsoft Outlook by
replying to unread email messages. It also drops a remote access trojan
(detected as Backdoor-NK.svr with the 4134 DATs; <I>detected heuristically
as New Backdoor prior to the 4134 DAT release</I>).
When run, the worm displays a message box entitled, "Install error" which
reads, "File data corrupt: probably due to a bad data transmission or bad
disk access." A copy is saved into the WINDOWS directory as INETD.EXE and
an entry is entered into the WIN.INI file to run INETD.EXE at startup.
KERN32.EXE (a backdoor trojan), and HKSDLL.DLL (a keylogger DLL detected
as DUNpws.av) are written to the WINDOWS SYSTEM directory, and a registry
entry is created to load the trojan upon system startup.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32.exe
<I>Note: Under WinNT/2K, an additional registry key value is entered
instead of a WIN.INI entry:
HKEY_USERS\Software\Microsoft\Windows
NT\CurrentVersion\Windows\RUN=%WinDir%\INETD.EXE </I>
Once running, the trojan attempts to mail the victim's IP Address to the
author. Once this information is obtained, the author can connect to the
infected system via the Internet and steal personal information such as
usernames, and passwords. In addition, the trojan also contains a
keylogger program which is capable of capturing other vital information
such as credit card and bank account numbers and passwords.
The next time Windows is loaded, the worm attempts to email itself by
replying to unread messages in Microsoft Outlook folders. The worm will be
attached to these messages using one of the following filenames (note that
some of these filenames are also associated with other threats, such as <A
target=_blank
href="http://vil.nai.com/vil/dispVirus.asp?virus_k=98797">W95/MTX.gen@x</A
>):
Card.pif docs.scr fun.pif hamster.ZIP.scr Humor.TXT.pif images.pif
New_Napster_Site.DOC.scr news_doc.scr Me_nude.AVI.pif Pics.ZIP.scr
README.TXT.pif s3msong.MP3.pif searchURL.scr SETUP.pif
Sorry_about_yesterday.DOC.pif YOU_are_FAT!.TXT.pif
The message body may contain the text:Take a look to the
attachment.<I>AVERT first received an intended version of this worm
(10,623 bytes) on April 11 from a company in New Zealand.</I>
To check your system for this Virus, and to learn how to protect yourself
from computer viruses, visit the McAfee.com Clinic at
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2103.
For complete information on this Virus, view McAfee.com's Virus
Information Library listing at
http://vil.mcafee.com/dispVirus.asp?virus_k=99069.
This email was sent to you by steve
To unsubscribe from this group, send an email to:
realtraders-unsubscribe@xxxxxxxxxxxxxxx
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
|