Virus Database

I-Worm.Borzella

Description I-Worm.Borzella

I-Worm.Borzella is a worm virus spreading via the Internet in an infected file attached to e-mails.
The worm itself is a Windows PE EXE file about 50Kb in length and written in Microsoft Visual C++.
The infected messages have Subject/Body/Attachment names that are randomly selected from three variants each.
Infected messages contain:
Subject:
Storielle..
Leggete urgentemente questa e-mail!! (se avete tempo da perdere)
Divertimento assicurato..

Body:
Ciao, guarda l'allegatoall ti potrebbe interessare.
Ciao, devi assolutamente vedere il file che ti ho allegato.
Ciao, dai un'occhiata all'allegato e ti farai due risate ;-)

Attach:
bar.exe
pippo.exe
porkis.exe

Messages displayed by the Borzella virus:







On September 6 Borzella will put forth the following message:

The worm activates only when a user clicks on the attached file. Once this is done the worm then installs itself into the system, runs a spreading routine and delivers its payload.
Installing

While installing the worm copies itself into the Windows directory with the dllmgr.exe name and registers that file in the system registry auto-run key:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun Dll Manager = %WinDir%dllmgr.exe
The worm then displays the following messages:
Quiz Cosa dice un vettore ad un altro?
Risposta ...Scusa, hai un momento?...
Barzelletta
Sai chi e il fratello di Giorgio Armani?
Risposta
...Emporio!
Quiz
Ti trovi al volante della tua auto e circoli ad una velocitÁ costante.
Alla tua sinistra c'e un precipizio.
Alla tua destra un camion dei pompieri che viaggia esattamente alla tua stessa velocitÁ.
Davanti a te cavalca un maiale visibilmente piu grande della tua macchina.
Dietro di te ti segue un elicottero che vola raso terra.
Gli ultimi due, anch'essi alla tua stessa velocitÁ.
Che fai per fermarti?

Risposta
...scendi dalla giostra,imbecille!!!
Cavolata finale
Gesu ai discepoli: 'In veritÁ, in veritÁ vi dico: y=x^2-4x+7'.
I discepoli commentano un po' fra di loro, poi Pietro si avvicina mestamente a Gesu, dicendogli:

'Maestro, perdonaci, ma non comprendiamo il tuo insegnamento...'

On September 6th the worm also displays the message:

Accadde il 6 settembre
Attenzione signori!!!
Oggi non e' mica un giorno fesso come gli altri: spegnete il computer e uscite,godetevi la vita,abbracciate e baciate la persona a voi piu' cara.
Viva l'amore.
;-)

Spreading
To send infected messages the worm uses a direct connection to the SMTP server. To get victim email addresses the worm opens and scans the Windows Address Book (WAB).

Check other viruses! Be aware! Use Antiviral Software

Rauser.164.a

Description Rauser.164.a

These are dangerous memory resident encrypted viruses. They hook INT 21h and while executing .COM files overwrite them, and while executing .EXE files create the companion .COM file.
"Rauser.250,253" display:
Maaike I Love You !

RavenSys.1324

Description RavenSys.1324

It is not a dangerous memory resident parasitic virus. It writes itself to the end of SYS files (device drivers). The header of the virus contains the text: "RAVEN00X". The virus hooks INT 21h, intercepts Exec DOS call (4Bh) and on executing any program searches for SYS files and infects them.
When an infected driver is loaded into the memory, the virus hooks INT 21h and stays memory resident. It does it in two different ways depending on the system conditions. In case of first way, the virus leaves its TSR copy at the same addresses as being loaded. Then it waits for DOS system ChangeMemory call (AH=4Ah), allocates new block of memory and copies itself to there. In case of second way the virus writes its code on the first track of the hard drive (not used sectors) and copies its "loader's" (90 bytes) code to Interrupt Vectors Table. Then it, the same as in case of first way, waits for ChangeMemory DOS call, allocates a block of memory, and reads to there its code from the hard drive.
While installing memory resident the virus displays the message:
+-+---·-· · · Raven Sys Infector 1.0 · · ·----+-+
+-+-----------------------------------------------------------------+-+
+-¦-+ Created By Stone Shadow +-:-¦
+-:-+ Copyright (c) 1995 - 96 By COEAC Viral System Development. +-¦-¦
+-+-----------------------------------------------------------------+-+
+-+--- ·· · · Creatures Of Electronic Anti Christ · · ·· ---+-+

Home