Thread: a new virus, with a twist

  1. #1
    creeper2 (Inactive Member, joined June 16th, 2003)

    kinda like pepsi twist, though i despise pepsi products.

    UnderAttack writes "This morning, the SANS Internet Storm Center posted a note about an increase in ICMP traffic, including a quick initial analysis. As it turns out, yet another worm, this time the W32/Nachi.worm, is going around taking advantage of the RPC DCOM vulnerability. The twist this time: the worm will actually clean up machines. It tries to download the correct patches from Windows Update and remove the Blaster worm."

    some more info for you:
    Intentions of the worm
    This worm spreads by exploiting a hole in Microsoft Windows. It instructs a remote target system to download and execute the worm from the infected host. Once running, the worm terminates and deletes the W32/Lovsan.worm.a process and applies the Microsoft patch to prevent other threats from infecting the system through the same hole. When the system clock reaches Jan 1, 2004, the worm will delete itself upon execution.

    Downloading of Patches
    The worm carries links to various patches for the MS03-026 vulnerability:

    http://download.microsoft.com/downlo...80-x86-KOR.exe
    http://download.microsoft.com/downlo...80-x86-CHT.exe
    http://download.microsoft.com/downlo...80-x86-CHS.exe
    http://download.microsoft.com/downlo...80-x86-ENU.exe
    http://download.microsoft.com/downlo...80-x86-KOR.exe
    http://download.microsoft.com/downlo...80-x86-CHT.exe
    http://download.microsoft.com/downlo...80-x86-CHS.exe
    http://download.microsoft.com/downlo...80-x86-ENU.exe
    The worm attempts to download and install one of these patches on the victim machine.


    Removal of W32/Lovsan.worm.a
    The worm also looks for and removes W32/Lovsan.worm.a from an infected system. It achieves this by targeting MSBLAST.EXE. (The process is terminated if running on the victim machine.) NB: The Registry hook employed by MSBLAST.EXE is not removed by the worm.

    Self removal
    When the system clock reaches Jan 1, 2004, the worm will delete itself upon execution.

  2. #2
    marktikolo (Inactive Member, joined December 20th, 2011)

    Re: a new virus, with a twist

    Virus warning, almost like the virus itself is not good. Recently, we got an email from a manager, he got a virus on his computer, and installed a bad dll files, it is sent to his address book that everyone and his blind forward the message to everyone, he knew asking them to delete the file. We check the DLL file is legitimate, and e-mail itself is a scam. Some people just dumb, they will put forward whatever they received. Receive a virus warning, I am very tired. They usually just junk mail, most people have never recognized the problem, they push before sending.
    [url=http://smallbusiness.norton.com?om_ext_cid=soho_ext_blurbpoint_forum]Norton business[/url]