I-Worm.Beglur.a
Description I-Worm.Beglur.a
This is a worm which spreads via the Internet as an attachment to infected emails. The worm itself is a Windows PE EXE file of approximately 8KB. The file is compressed using UPX and Yoda, and is approximately 27KB when uncompressed. It is written in Visual C++
Installation
The worm copies itself to the Windows system directory and registers the file in the SYSTEM.INI auto-run key in the [boot] section in the "shell" key:
shell=Explorer.exe bglr32.exe
Distribution via email
Infected messages contain the following text:
From:
Baath
Subject:
For World of Peace!
Message body:
Saddam Hussien has been captured but Osama Bin Laden still have a power and US will never captured this person until somebody captured Bush. God Bless You!!
The attached file is called
BGLR32.EXE
The worm uses the "IFRAME" breach to launch itself from infected messages.
Check other viruses! Be aware! Use Antiviral Software
School.403
Description School.403
It is a harmless nonmemory resident parasitic virus. It searches for .COM files and writes itself to the end of the file. It contains the text string:
File is overwrited by SCHOOL SUCK! virus. Finnish quality!
Schubert.323
Description Schubert.323
It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. Depending on the system time while writing to a file the virus writes to that file the string:
SCHUBERT 1797-1828.
|