Pijume Diwesi
Tue, 04 Dec 2001 12:04:08 -0800
Otro jeroztico de verdad! tomen nota suspersonas!
Nestor Raul
---------- Forwarded message ----------
Date: Tue, 4 Dec 2001 13:26:00 -0600
From: USMMAIL <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: New Virus Reported - Do not open Gone.scr!
W32.Goner.A@mm
Discovered on: December 4, 2001
Last Updated on: December 4, 2001 at 07:33:12 AM PST
W32.Goner.A@mm is a mass-mailing worm written in Visual Basic. The worm has
also been compressed using a known file compressor. The worm can also spread
it's infection using the ICQ and IRC network. It finds certain files in
memory and then terminates the processes of these found files. Thereafter,
it executes its destructive payload of deleting files.
Detected by Trend pattern file#: 177 or 977
Type: Worm
Infection Length: 38,912 bytes
Virus Definitions: December 4, 2001
Threat Assessment:
Damage:
Payload:
Large scale e-mailing: Send itself to all users in Outlook Address Books
Deletes files: Attemps to delete NAV when the machine is restarted.
Distribution:
Subject of email: Hi
Name of attachment: Gone.scr
Size of attachment: 38Kbytes
Technical description:
In the background the worm starts iterating the Microsoft Outlook Addressbook.
It sends itself to all addresses it finds.
Finally, the worm will display the following fake errormessage.
"Error While Analyze DirectX!
=============================================================================
Si necesita retirarse de la lista envie un mensaje a:
[EMAIL PROTECTED]
con una unica linea :
unsubscribe r-caldas
Para inscribirse en la lista envie un mensaje a [EMAIL PROTECTED]
con una unica linea :
subscribe r-caldas
Los mensajes que circulan en la lista los puede consultar en :
http://www.mail-archive.com/r-caldas@colciencias.gov.co