|
PureBytes Links
Trading Reference Links
|
Kapersky Labs reports new Internet viruses on the loose.
--------------------------------------------------------
Kaspersky Lab warns users of the notable activity of
several dangerous Internet-worms occurring at this time.
Kaspersky Lab has been receiving reports from users, whose
computers have been infected by the Internet-worm Hybris.
Recently, Kaspersky Lab informed users of this worm's danger,
and we reiterate that this virus is a very complex malicious code
that can be updated by its author through his own Web page or
through an anti-virus conference alt.comp.virus, which is already
replete with this virus' components.
Also still active is an Internet-worm called Navidad, and although
it is fairly harmless, it still causes users trouble. The infected
e-mail contains an embedded file and the following message in
Spanish: "Nunca presionar este boton" (never click on this button).
By clicking on this button, a user causes himself headaches,
because on the screen appears a dialogue box that tells the user
he has lost his computer due to his curiosity. However, in reality,
this malicious code is easily deleted.
The first reports of the Internet-worm Music arrived at Kaspersky Lab
already a week and a half ago, and we estimate that this worm has all
the chances of becoming an epidemic.
An entertaining payload hiding the worm's main activity accompanies
this virus, displaying a Christmas scene and playing a carol.
Music-worm contains the following Subject and Texts:
Subject: Testing to send file Text: Hi, just testing email using
Merry Christmas music file, not bad music.
or:
Text: Hi, just testing email using Merry Christmas music file,
you'll like it.
"Music" has the ability to upgrade its components from an Internet
site. This malicious utility downloads three files from there (that are
supposed to be its plugins) detects their versions, and if these versions
are above those currently used, the worm replaces its components with
new ones. So the worm is able to change its functionality depending
on its author's needs.
Another Internet-worm that has attracted the attention of Kaspersky
Lab's specialists is called Blebla, which was discovered on November 16
in Poland. Several reports also have been received from Denmark. The
worm appears as an e-mail message in HTML format and has two attached
files: MYJULIET.CHM and MYROMEO.EXE.
The worm's specifics are that for the start of the malicious program, no
opening attached file is needed. The worm activates itself automatically
when an infected message is being opened or previewed. To activate
itself, the worm exploits a vulnerability in the Windows scripting security:
the first part of the malicious utility contains a script program that is
automatically executed by this operating system. As a result, the
CHM-component of the message (the MYJULIET.CHM file) is loaded
and activated, which in turn executes the MYROMEO.EXE file that is
the main worm body itself.
When the malicious programme runs, it opens the Address Book, reads
E-mail addresses from there and sends its HTML message with the
attached CHM and EXE files to there. The message has a Subject that
is randomly selected from the following list:
Romeo&Juliet
:))))))
hello world
!!??!?!?
subject
ble bla, bee
I Love You ;)
sorry...
Hey you !
Matrix has you...
my picture
from shake-beer
Protection procedures thwarting all of the above-mentioned Internet
worms have been added to the Kaspersky Anti-Virus (AVP) anti-virus
database.
|