IIS-Worm.CodeGreen.a
Description IIS-Worm.CodeGreen.a
This is an Internet worm that targets Web sites by infecting Internet Information Servers (ISS). The worm completes the method of spreading from one Web site to other Web sites by sending and executing its code on remote machines in a similar way to the "CodeRed" IIS worm.
This worm, like the "CodeRed" worm, randomly scans IP addresses and attacks remote IIS servers by using a buffer-overrun exploit.
The main feature of this worm is its "anti-worm" functions. Upon being run on infected machines, it cleans-up and:
erases traces of the "CodeRed" worm, then displays a message (see below)
downloads and spawns a Microsoft patch that fixes the problem with IIS worms of this type
The message is as follows:
Des HexXer's CodeGreen V1.0 beta
CodeGreen has entered your system
it tried to patch your system and
to remove CodeRedII's backdoors
You may uninstall the patch via
SystemPanel/Sofware: Windows 2000 Hotfix [Q300972]
get details at "www.microsoft.com".
visit "www.buha-security.de"
Check other viruses! Be aware! Use Antiviral Software
Macro.Word.Employ
Description Macro.Word.Employ
This virus contains only one macro "autoopen" and replicates itself on opening documents.
Since July 14th 1997 depending on the system random counter it hides the status bar, scroll bars, install blue bacround or etc. The virus also inserts into documents the text:
Les employ s les plus incomp tents sont syst matiquement promus aux postes
o· ils se r v lent le moins dangereux: l'encadrement.
Macro.Word.EMT
Description Macro.Word.EMT
This is an encrypted Word macro virus. It contains one macro named AutoOpen in documents and AutoClose in NORMAL.DOT.
It infects the global macro area on opening an infected document, and other documents when they are closed. Depending on the random counter the virus displays the MessageBox:
EMT97
|