I-Worm.Gizer.c
Description I-Worm.Gizer.c
Gizer is a worm virus spreading via the Internet as an attachment to infected emails - it appends itself to Zip archives.
The worm itself is a Windows PE EXE file about 8 KB in length and written in Assembly language.
Infected messages have the following characteristics:
From: Microsoft Critical Response Team
Subject: Urgent message for all Windows users
Body:
Dear Windows User, The Microsoft Security Experts have discovered a bug inside the Windows files that poses a security threat to all versions of Windows newer than Windows98 (including Windows98). Virus experts have reported that few known viruses have been identified using this exploit, but more are expected. A patch has been supplied with this email and will fix the security hole. **THIS MESSAGE WAS DELIVERED BY THE AUTHOR FROM ENERGY WORM !!!** Attachment name: patch.exe
The worm activates from infected email only when a user clicks on the attached file.
The worm does not install itself to the system and is not repeatedly activated. The only way to run the virus again is to double click the attached file.
When the worm is launched, it copies itself to the current folder under the name windows.tmp, and displays the following message:
Could not patch due to bad CRC!
Spreading: e-mail
To send infected messages the worm connects to the SMTP server specified as the default in Windows. Gizer then sends messages to all addresses found in the Windows address book (WAB database).
Spreading: archives
Gizer also searches for all files with the .ZIP extension on all hard drives and appends its copy to them.
Check other viruses! Be aware! Use Antiviral Software
BVM.831
Description BVM.831
It is a very dangerous nonmemory resident encrypted parasitic virus. It writes itself to the end of .COM files. Being executed the virus searches for COMMAND.COM file by scanning Environment area for the COMSPEC= string, then it searches for *.COM files and infects them. On July 1st the virus erases the FAT of the C: drive. Depending on the system time it displays the message:
This program requires Microsoft Windows.
and returns the control to DOS instead of the host program. The virus also contains the strings:
*.COM COMSPEC=
Made by BVM
Bward.1024
Description Bward.1024
It is a very dangerous memory resident parasitic virus. It hooks INT 9, 21h and writes itself to the end of EXE files that are executed. Depending on the installed BIOS the virus displays the message:
Üdv!
On each 4000th keyboard entry the virus erases random selected disk sectors. The virus contains the text string:
Bward07/25/87
|