Alias:W32/Cervivec@mm
Type:Worm 
Size:228.872 Bytes 
Origin: 
Date:03-26-2002 
Damage:Sent by email. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Low 

DistributionWorm/Cervivec is a massmailer with an 228.872 Bytes .EXE file. It sends itself by email using ICQ contacts list. Its emails are expressed in various languages:

Email1:
"Cau posilam ti cerviky tak se na to podivej (virus to neni)"

Email2: "Cau posielam ti cerviky tak sa na to pozri (virus to neni)"

Email3: "Hallo, Ich habe ein guter Witz-Wurm so sieh! (kein virus)"

Email4: "Hi, I have some cool joke - worms so have a look at it (no virus)"

Email5: "J'ai une bonne blague ca s'appelle verre de terre alors jette un coup d'oeil (il n'y a pas de virusi)"

Email6: "Czesc, mam swietnz dowci te mando los gusanilloes. Pues mirarlos (no es un virus)"

Email7: "Hola te mando los gusanilloes. Puesmirarlos (no es un virus)"

Attachment: Ntknrl.exe

Technical DetailsIf the attachment is opened, the worm is insatlled in Windows system directory as "ntkrnl.exe" and enters the following autorun registry key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]Kernel Loader=C:\WINDOWS\system32\ntkrnl.exe -LOADDRIVERS=TRUE
Then, a window is displayed, with an OK button.
The final payload is an invasion of many coloured worms on your desktop.
Descripción insertada por Crony Walker el martes 15 de junio de 2004

Volver . . . .