Nuovo Virus in circolazione

[Bilancino]

Ho letto sul televideo Rai pagina 160 la presenza di un nuovo virus che si presenta con l'allegato WTC.exe e messaggio Pace tra l'America e l'Islam.

Fate attenzione!!!!


Ciao

[Bilancino]

Mi rispondo da solo comunque ecco nuove informazioni:

Name: WarVote.A@mm
Aliases: Vote, W32.Vote.A@mm, W32/Vote@MM, Troj_Vote.A, W32/Vote-A
Type: Internet Worm

Description:

WarVote.A@mm is a mass mailing internet worm written in Visual Basic. It arrives as an attachment to an email that contains the following information:



Subject: Fwd:Peace BeTween AmeriCa and IsLaM !
Message: Hi

iS iT waR Against AmeriCa Or IsLaM !?
Let's Vote To Live in Peace!
Attachment: WTC.exe

When the attachment is double clicked the worm is executed, and will begin emailing copies of itself to each recipient in the Microsoft Outlook address book. It will then attempt to delete the contents of several folders that contain installation information for certain antivirus products, including Command Software. WarVote.A@mm will also search all available fixed and network drives for files with the extensions .htm and .html; if found, they will be overwritten.

Ciao a Tutti e Attenzione!!!

[daitan]

avevo letto anche io qualcosa.....

...WTC =World trade center

[Bilancino]

Qualche minuto fa ho trovato pure questo:



When the worm is run it will send itself to entries in your Outlook address book. It will drop and run a Visual Basic
script in c:\windows\mixdalal.vbs. This script will search all drives (hard disks and network drives) for web
pages with the HTM or HTML extension.

The worm will overwrite these files with the single line of text

AmeRiCa ...Few Days WiLL Show You What We Can Do !!! It's Our Turn >>> ZaCkEr is So Sorry For You .

The worm sets the browser homepage to

us.f1.yahoofs.com

which will download a file called TimeUpdate.exe onto your computer. This file is a password stealing trojan and
is detected as Troj/Barrio

The worm attempts to remove various anti virus products by deleting the following directories:

C:\Program Files\AntiVirus Toolkit Pro
C:\eSafe\Protect
C:\Program Files\Command Software\F-PROT95
C:\PC-Cillin 95
C:\PC-Cillin 97
C:\Program Files\Quick Heal
C:\Program Files\FWIN32
C:\Program Files\FindVirus
C:\Toolkit\FindVirus
C:\f-macro
C:\Program Files\McAfee\VirusScan95
C:\Program Files\Norton AntiVirus
C:\TBAVW95
C:\VS95

The worm will drop another script in C:\windows\system\zacker.vbs and add the registry entry

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Norton.Thar = C:\windows\system\zacker.vbs

to ensure that the script is run on next startup.

Both vbs scripts are detected as VBS/Vote-A by the W32/Vote-A ide

The zacker.vbs script attempts to delete all files in the windows directory and will append the line
'echo y | format C:' to C:\autoexec.bat so that the hard drive will be formatted on the next reboot.

The script then displays a message box with the text

I promiss We WiLL Rule The World Again...By The Way,You Are Captured By ZaCker !!!

and attempts to shutdown windows.