I-Worm.Ivalid
Description I-Worm.Ivalid
This is a dangerous worm that spreads via the Internet attached to e-mail messages. The worm itself is a Windows application about 12K in size. To spread, the worm uses SMTP and connects to the "mail.bezeqint.net" e-mail server in order to send infected messages.
The worm obtains a victim's e-mail addresses from HTML files. It searches for *.HT* files on the hard drive and looks for e-mail addresses there.
The infected messages contain the following data:
From: "Microsoft Support" [support@microsoft.com]
Subject: Invalid SSL Certificate',0Dh,0Ah
Attach: SSLPATCH.EXE
Message text:
Hello,
Microsoft Corporation announced that an invalid SSL certificate that web sites use is required to be installed on the user computer to use the https protocol. During the installation, the certificate causes a buffer overrun in Microsoft Internet Explorer and by that allows attackers to get access to your computer. The SSL protocol is used by many companies that require credit card or personal information so, there is a high possibility that you have this certificate installed.
To avoid of being attacked by hackers, please download and install the attached patch. It is strongly recommended to install it because almost all users have this certificate installed without their knowledge.
Have a nice day, Microsoft Corporation
In case of an error, or when infected messages are sent, the worm encrypts all EXE files the in current and all parent directories. While encrypting, the worm uses standard Windows crypto API.
The worm also contains the following texts in its body:
I-Worm.Invalid, Written By Dr.T/BCVG Network, 2001
The Black Cat Virii Group, 2001
Check other viruses! Be aware! Use Antiviral Software
Seneca.392
Description Seneca.392
It is a very dangerous nonmemory resident parasitic virus. Being executed it searches for .EXE files and overwrites them. On November, 25th it displays:
HEY EVERYONE!!!
Its Seneca's B-Day! Let's Party!
and erases the sectors of the current drive. Sometimes it also displays:
You shouldn't use your computer so much,
its bad for you and your computer.
and erases the sectors.
Sentinel Family
Description Sentinel Family
These are harmless(?) memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM, EXE and OVL files that are executed, opened or renamed. These infectors were written in Pascal language. They contain the encrypted text:
You won't hear me, but you'll feel meall (c) 1990 by Sentinel. With thanks
to Borland
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Muskelservice I Dalarna Kommanditbolag
Ölands StenfÖrÄdling Ab
STÄDCOMPAGNIET 56:AN AKTIEBOLAG
Byggnadsfirma Kjell GrÖnqvist
BjÖrnsholms Bed And Breakfast
|