I-Worm.Sidex
Description I-Worm.Sidex
This is a virus-worm that spreads via the Internet as an attachment to infected e-mail messages and also infects the local network. The worm itself is a Windows PE EXE file about 107K in length (compressed with PCShrink, 202K decompressed), and is written in Delphi.

Infected messages contain:

Subject: Sites Pornos
Body: Tudo bem to te enviando uma lista dos melhores sites pornos da, uma olhada depois me avisa c voce gostou até mais um Abração Do seu melhor amigo ;-)
Attachment: SitesDeSexo.doc.exe

The worm activates from infected e-mail only when a user clicks on the attached file. The worm then installs itself to the system and runs its spreading routine and payload.

Installing

While installing, the worm copies itself to the Windows system directory under the name VxBrasil.exe, and registers that file in the auto-run command in the WIN.INI file:

[windows]
run=%SystemDir%\VxBrasil.exe

where %SystemDir% is the Windows system directory.

Spreading

To send infected messages, the worm uses Windows MAPI functions and "answers" messages from e-mail boxes.

Local Network

The worm scans network shared drives, looks for directories with a WIN.INI file, then copies itself there under the name "666hacked.exe", and registers this copy in that WIN.INI file in the same "windows/run" key as above.

Other

The worm also installs a backdoor Trojan ("Backdoor.DRA") on an infected machine. To do this, it extracts backdoor code from its resources, saves it to the C:\ALEVIRUS.EXE and C:\BACK.EXE files and spawns it.

The worm creates the decoy file C:\SitesDeSexo.doc, and writes the following text there:

Estes são os melhores sites de SEXO da internet confira :)

Then the worm writes a list of porno sites and opens this file.
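The WIN.INI registration described above can be checked on a local system directory or on a share. The following is an added example, not code from the original description: it parses WIN.INI text and reports auto-run entries whose file name matches the two copy names given on this page. The function names and the sample input are assumptions made for illustration, and the check also covers the sibling load= key, which the description does not mention.

```python
import re

# File names the description gives for the worm's copies (compared lower-case).
SIDEX_NAMES = {"vxbrasil.exe", "666hacked.exe"}
# The page names run=; load= is the sibling WIN.INI autostart key (added here).
AUTORUN_KEYS = {"run", "load"}


def autorun_entries(ini_text):
    """Return (key, program) pairs from the [windows] section of WIN.INI text."""
    entries, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        header = re.fullmatch(r"\[([^\]]*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()  # INI key names are case-insensitive
        if key in AUTORUN_KEYS:
            # Several programs may be listed, separated by spaces or commas.
            entries += [(key, p) for p in value.replace(",", " ").split()]
    return entries


def sidex_hits(ini_text):
    """Return the autorun entries whose file name matches a Sidex copy."""
    hits = []
    for key, prog in autorun_entries(ini_text):
        # File name = text after the last path separator or %VAR% marker.
        name = re.split(r"[\\/%]", prog.strip('"'))[-1].lower()
        if name in SIDEX_NAMES:
            hits.append((key, prog))
    return hits


# Constructed sample input, not taken from a real machine.
SAMPLE_INI = r"""
; constructed sample
[Windows]
load=C:\TOOLS\clock.exe
RUN=%SystemDir%\VxBrasil.exe C:\WINDOWS\notepad.exe
[fonts]
run=666hacked.exe
"""
```

Entries outside the [windows] section are ignored, so the run= line under [fonts] in the sample is not reported.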
Macro.Word.Bishkek
Description Macro.Word.Bilbo
This macro virus contains six macros: FileOpen, FileSave, FileExit, AutoOpen, AutoExec, and Bilbo. It infects the documents and global macros area on FileSave and AutoOpen. Starting from the 10th of each month, this virus, on AutoExit, displays a MessageBox with the following text: Bilbo Baggins was here!