Contatti
Chi siamo
Stampa
Beta test
Language:
Italiano
English
Deutsch
Français
Español
Italiano
Português
Русский
Per utenti privati
Avira Antivirus Premium
Avira Internet Security
Per aziende
Client/Server
Avira Professional Security
Avira Server Security
Avira Business Security Suite
Avira Endpoint Security
Small Business
Gateways
Avira AntiVir MailGate
Avira MailGate Suite
Avira AntiVir Exchange
Avira AntiVir WebGate
Avira WebGate Suite
Avira AntiVir GateWay Bundle
Avira AntiVir SharePoint
Integrazione
Anti-Malware SDK (SAVAPI)
Antispam SDK (SPACE)
Rebranding & Bundling
Servizi di integrazione
Sconto Formazione
Supporto
Per utenti privati
Panoramica
Ultime news
Tutorial video
Knowledgebase
Per le aziende
Panoramica
Ultime news
Knowledgebase
Virus Lab
Descrizioni dei virus
Statistiche
VDF History
Viruses In the Wild
Glossario dei virus
Invia il file sospetto
Download
Scarica il prodotto
Documentazione tecnica
Product Lifecycle
Aggiornamento VDF
Partner
Trova un partner
Come diventare partner di Avira
Affiliate
Free
Download
Cerca
In breve
Descrizione completa
Statistiche
Alias:
Anniv911.exe; 11september.exe
Type:
Worm
Size:
26.628 Bytes
Origin:
Date:
09-10-2002
Damage:
Sent by email.
VDF Version:
6.23.00.00
Danger:
Low
Distribution:
Low
Distribution
The worm tries to send itself using Outlook and the Windows Address Book (WAB). The email looks like this:
Subject: All people!!
Body: Dear ladies and gentlemen! The given letter does not contain viruses, and is not Spam. We ask you to be in earnest to this letter. As you know America and England have begun bombardment of Iraq, cause of its threat for all the world. It isn't the truth. The real reason is in money laundering and also to cover up traces after acts of terrorism September, 11, 2001. Are real proofs of connection between Bush and Al-Qaeda necessary for you? Please! There is a friendly dialogue between Bin Laden and the secretary of a state security of USA in the given photos. In the following photo you'll see, how FBI discusses how to strike over New York to lose people as much as possible. And the document representing the super confidential agreement between CIA and Al-Qaeda is submitted to your attention. All this circus was specially played to powder brains!! You'll find out the truth. Naked truth, instead of TV showed. For your convenience, and to make letter less, all documentary materials(photos and MS Word documents) are located in one EXE file. Open it, and all materials will be installed on your computer. You will receive the freshest and classified documents automatically from our site. It isn't a virus! You can trust us absolutely. We hope, that it will open your eyes on many things occurring in this world.
Attachment: 11september.exe
Technical Details
Worm/Chet is a massmailer. But due to a programming error, its email sending routine can not work on most of the Windows systems.
If the attachment is opened, the worm copies itself in the Windows system directory (eg C:\Windows\System\ or C:\Windows\System32\) with the name SYNCHOST1.EXE and makes the following run entry in the registry:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]ICQ1= C:\Windows\%System%\synchost1.exe
Worm/Chet also makes a copy in C:\ named 11september.exe, which is deleted after infection.
Descrizione inserita da Crony Walker su martedì 15 giugno 2004
Indietro
.
.
.
.
