Red Hat NETSCAPE ENTREPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR User Manual Page 25

NIPC CyberNotes #2002-12 Page 25 of 33 06/17/2002
to ensure that the worm is run each time Windows is started. It will then attempt to e-mail itself to all
addresses listed in the Microsoft Outlook address book. If the worm detects that mIRC is installed, it will
create the file script.ini in the mIRC folder. VBS/VBSWG-AQ will also create the registry entries:
HKCU\Software\ShakiraPics\mailed
HKCU\Software\ShakiraPics\mirqued
after it has attempted to spread by e-mail and IRC. The worm will then search all local and network drives
for files with VBE or VBS extensions and overwrite them with a copy of itself. Finally, the worm will
display the message "You have been infected by the ShakiraPics Worm."
VBS_NEMITE.A (Visual Basic Script Worm): This mass-mailing worm is a Visual Basic script
(VBScript) that is embedded in an HTML (HyperText Markup Language) file. It propagates via e-mail,
sending messages to all the recipients in an infected user's address book. It modifies the Internet Explorer
home page on the 3rd, 5th, and 28th day of the month, and sends out e-mail messages with the following
characteristics:
Subject: HI
Message Body: KONO SYASHIN MITE NE !!!!
Attachment: Syashin3.vbs
VBS_PETIK.G (Alias: PETIK.G, PETIK) (Visual Basic Script Worm): Upon execution, this mass-
mailing worm drops a copy of itself in the root directory of drive C:\. It propagates using Microsoft
Outlook or Outlook Express by sending itself to all entries listed in the infected user's address book.
VBS_PETIK.I (Alias: I-Worm.Petik.I) (Visual Basic Script Malware): This mass-mailing malware can
disable the mouse and the keyboard of an infected computer. It propagates copies of itself as an attachment in
an e-mail with the following details:
Subject: What is the seven sins ??
Message Body: Look at this file and learn them.
Attachment: Seven.vbs
VBS_TRILISSA.C (Aliases: TRILISSA.C, I-worm.trilissa.c) (Visual Basic Script Worm): The worm,
WORM_TRILISSA.C, drops this mass-mailing malware. The worm uses this Visual Basic script malware
to propagate copies of itself via e-mail to all addresses listed in infected users' Windows Address Books.
VBS_TRILISSA.D (Aliases: TRILISSA.D, I-worm.TRILISSA.D) (Visual Basic Script Worm): The
worm, WORM_TRILISSA.D, drops this mass-mailing malware. It sends an e-mail with the following
details to all recipients listed in the infected user's Windows Address Book:
Subject: "Bush is a criminal!"
Message Body: "Bush is a criminal!!!! See this screensaver!! HE IS A BASTARD!!!"
Attachment: "Bush_you_are_guilty!!!.scr"
VBS.Slip@mm (Visual Basic Script Worm): This is a mass-mailing worm that uses Microsoft Outlook to
send itself to all contacts in the Outlook Address Book.
W32/Chir-A (Alias: I-Worm.Runouce) (Win32 Worm): This is an Internet worm that tries to spread via
e-mail by sending itself to e-mail addresses found in the Windows address book. The e-mail will have the
following characteristics:
Sender address: <username>@hotmail.com or [email protected]
Subject line: Hi, i am <username>
Attached file: p.exe
The worm attempts to exploit a MIME and an IFRAME vulnerability in some versions of Microsoft
Outlook, Microsoft Outlook Express, and Internet Explorer to allow the executable file to run automatically
without the user double-clicking on the attachment. Microsoft has issued a patch that secures against
this vulnerability; it can be downloaded from Microsoft Security Bulletin MS01-027. (This patch was
released to fix a number of vulnerabilities in Microsoft's software, including the one exploited by this
worm.) When run, the worm copies itself into the Windows system folder as runouce.exe and sets the
following registry entry so that the worm will be automatically started when Windows starts up: