Red Hat NETSCAPE ENTREPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR User Manual, Page 24

NIPC CyberNotes #2002-12 Page 24 of 33 06/17/2002
C:\progra~1\kasper~1\avp32.exe
C:\progra~1\trojan~1\tc.exe
C:\progra\norton~1\s32integ.dll
C:\progra\f-prot95\fpwm32.dll
C:\progra\tbav\tbav.dat
C:\progra\mcafee\scan.dat
C:\progra\avpersonal\antivir.vdf
C:\tbavw95\tbscan.sig
Bat/Cup-A searches for a mIRC installation and creates the file script.ini if one is found. The script.ini file
will attempt to forward a copy of the worm to anyone who joins an IRC channel the infected user is
currently logged on to. The folder C:\ThisIsOnlyASimpleWorm will be created and will contain a single
copy of the worm named WorldCup.bat. This worm contains many bugs; several of the above
characteristics are intended functions of the worm and may not work correctly.
HTML_HAIYASP.A (HTML Virus): This Web-based backdoor malware is targeted at Web servers.
When installed on a target system, remote users, even malicious users, may access this infected Web
server using a browser such as Internet Explorer or Netscape Navigator. It compromises network security,
and may be used to delete files and folders from infected systems.
PE_PERRUN.A (Aliases: W32.Perrun, W32/Perrun): This malware is a multi-component,
non-destructive virus that attaches part of its code to JPEG files. It does not infect JPEG files and does NOT
enable these files to propagate this malware. Affected JPEG files facilitate this malware's routine only on
infected machines and behave as normal JPEG files on non-infected systems.
VBS/Chick-F (Alias: I-Worm.Brit-G) (Visual Basic Script Worm): This worm arrives as a compressed
HTML file (CHM). When the file is opened, the worm displays the text "Enable activeX To See Korea
Japan results." If the user enables the ActiveX script, the worm will search drives C:, D:, and E: looking
for a mIRC installation. If the mIRC executable is located, the worm will copy itself into
C:\<windows>\koreajapan.chm. VBS/Chick-F creates a mIRC script file script.ini in the mIRC directory.
The script attempts to forward a copy of the worm to users that join the same IRC channel. Finally,
VBS/Chick-F sends an e-mail to the first entry in the user's Outlook address book. The e-mail will have the
following characteristics:
Subject line: RE: Korea Japan Results
Message text: Take a look at these results ... Regards, <Current user>
Attached file: <name of the worm file that is currently running>.
The following registry entry will be set to the value of "1" when the e-mailing routine has been executed:
HKLM\Software\Microsoft\Windows\CurrentVersion\chm
This value acts as a marker and will prevent the e-mailing code from executing next time the worm is
activated.
VBS/Gorum (Visual Basic Script Worm): This is an Internet worm that spreads through e-mail by using
addresses it collects in the Microsoft Outlook Address Book. If executed, the worm copies itself to the root
directory (C:\) under the filenames "XXXPic.exe." Additionally, for any file it finds with the file
extension *.bmp, *.doc, *.gif, *.htm, *.jpg, *.pdf, *.vbs, or *.xls, a second file will be created with the
same file name and the extension *.exe. For example, if "family_photos.gif" is found, the file
"family_photos.exe" will be created.
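
A check for the companion-file pattern described for VBS/Gorum, added here as an example and not part of the original CyberNotes text: it walks a directory tree and reports every .exe that shares its base name with a file of one of the listed types. The function name and the sample files are constructed, and it assumes the companion .exe sits in the same folder as the original file.

```python
import os
import tempfile
from collections import defaultdict

# Extensions the advisory lists for VBS/Gorum's companion-file behaviour.
DECOY_EXTS = {".bmp", ".doc", ".gif", ".htm", ".jpg", ".pdf", ".vbs", ".xls"}


def find_companion_exes(root):
    """Return sorted (exe_path, [sibling_paths]) pairs where an .exe shares
    its base name with a listed-type file in the same directory (assumption:
    the worm writes the companion next to the original)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(list)  # lower-cased base name -> file names
        for name in files:
            stem, _ext = os.path.splitext(name)
            by_stem[stem.lower()].append(name)  # Windows names are case-insensitive
        for names in by_stem.values():
            exes = [n for n in names if n.lower().endswith(".exe")]
            docs = [n for n in names
                    if os.path.splitext(n)[1].lower() in DECOY_EXTS]
            if not docs:
                continue  # an .exe with no matching document is not this pattern
            for exe in exes:
                findings.append((os.path.join(dirpath, exe),
                                 sorted(os.path.join(dirpath, d) for d in docs)))
    return sorted(findings)


def demo():
    """Run the check over a constructed sample tree of empty files."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = ("family_photos.gif", "family_photos.exe",  # pair from the advisory
                  "Report.DOC", "report.exe",                # mixed-case pair
                  "setup.exe", "notes.txt")                  # should not be flagged
        for name in sample:
            open(os.path.join(tmp, name), "w").close()
        return [(os.path.basename(exe), [os.path.basename(s) for s in sibs])
                for exe, sibs in find_companion_exes(tmp)]


if __name__ == "__main__":
    for exe, siblings in demo():
        print(f"{exe} <- {', '.join(siblings)}")
```

A hit is a lead for triage rather than a verdict, since legitimate software occasionally ships an executable beside a same-named document.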
VBS/VBSWG-AQ (Visual Basic Script Worm): This virus has been reported in the wild. It is an e-mail
worm. The worm spreads using an e-mail with the following characteristics:
Subject line: Shakira's Pics
Message text: Hi : i have sent the photos via attachment have funn...
Attached file: ShakiraPics.jpg.vbs
When the attachment is run, it will copy itself into the Windows folder and add the registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Registry