I-Worm.Beglur.a
Description I-Worm.Beglur.a
This is a worm which spreads via the Internet as an attachment to infected emails. The worm itself is a Windows PE EXE file of approximately 8KB. The file is compressed using UPX and Yoda, and is approximately 27KB when uncompressed. It is written in Visual C++
Installation
The worm copies itself to the Windows system directory and registers the file in the SYSTEM.INI auto-run key in the [boot] section in the "shell" key:
shell=Explorer.exe bglr32.exe
Distribution via email
Infected messages contain the following text:
From:
Baath
Subject:
For World of Peace!
Message body:
Saddam Hussien has been captured but Osama Bin Laden still have a power and US will never captured this person until somebody captured Bush. God Bless You!!
The attached file is called
BGLR32.EXE
The worm uses the "IFRAME" breach to launch itself from infected messages.
Check other viruses! Be aware! Use Antiviral Software
Misis.a
Description Misis.a
This is a memory-resident harmless boot virus. It hits the MBR of hard drive on booting from the infected floppy, and the floppy Boot-sectors on reading/writing the disk sectors. It hooks INT 13h. Sometimes it displays the messages in Russian.
Miss-D.1360
Description Miss-D.1360
It is not a dangerous memory resident parasitic virus. It hooks INT 21h, 27h and writes itself to the beginning of COM files that are executed. While infecting it encrypts the host file. On December, 10th it hooks INT 9 (keyboard) and skips every 3rd 'D' char when it is pressed.
|