Colext/Macondo
Cantina virtual de los COLombianos en el EXTerior
--------------------------------------------------
Virus Name
W32/Matcher@MM
Date Added
4/18/01 9:14:30 AM
Virus Characteristics
This threat is detected heuristically with the current engine and 4096 DATs
(released in September, 2000) as "New Backdoor". Specific detection is
included in the 4134 DATs.
This mass mailing worm requires the Visual Basic 6 (or higher) runtime
library to function. When run, it copies itself to the WINDOWS SYSTEM
directory as Matcher.exe and creates a registry run key to load the worm at
startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run\(Default)=%SysDir%\matcher.exe
Once running, the program attempts to email itself to everyone in the
Outlook Address book using the following information:
Subject: Matcher
Body: Want to find your love mates!!! Try this its cool... Looks and
Attitude Maching to opposite sex.
Attachment: Matcher.exe
The worm also attempts to modify the AUTOEXEC.BAT file as follows:
@echo off
echo from: Bugger
pause
--------------------------------------------------------------
To unsubscribe send an email to: [EMAIL PROTECTED]
with UNSUBSCRIBE COLEXT as the BODY of the message.
Un archivo de colext puede encontrarse en:
http://www.mail-archive.com/[email protected]/
cortesia de Anibal Monsalve Salazar
