Need help? Ask the community or hire an expert.
Go to Avira Answers
Alias:
Type:Worm 
Size:25.088 Bytes 
Origin: 
Date:12-01-2000 
Damage:Sent by email. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:High 

DistributionIt searches all traffic on the network or Internet for email addresses. The email has the following structure:

From: Hahaha %hahaha@sexyfun.net%

Subject: Snowhite and the Seven Dwarfs ? The REAL story Branca de Neve prono! Enanito si, pero con Sque pedazo Les 7 coquir nains

Body: Today, Snowhite was turning 18. The 7 Drawfs always where very educated and polite with Snowwhite. When thy go out work at mornign, they promissed a ..... C? etait un jour avant son dix huitiem anniversaire. Les 7 nains, qui avaient aid ?blanche neige? toutes ves annes aprs qu?elle se soit enfuit.....

Attachment: sexy virgins.scr joke.exe atchim.exe dunga.scr midgets.exe blancheneige.exe enano.exe enano porno.exe blanca de nieve.scr enanito fisgon.exe sexynain.scr blanche.scr nains.exe branca de neve.scr ano pron.scr famous.exe celebrity rape.exe leather.exe sex.exe hottest.exe cum.exe cumshot.exe Anna.exe Raquel Darian.exe Xena.exe Xuxa.exe Suzete.exe horny.exe anal.exe gay.exe oral.exe pleasure.exe sexy.exe hot.exe asian.exe lesbians.exe teens.exe virgins.exe boys.exe girls.exe messy.exe kinky.exe fist-fucking.exe amateurs.exe cheerleader.exe SM.exe sado.exe suck.exe orgy.exe black.exe blonde.exe sodomized.exe hardcore.exe slut.exe doggy.exe

Technical DetailsIf Windows uses WSOCK32.DLL and the worm can not change it, it makes a copy of the file, modifies the copy and using WININIT.INI, it will cause the replacement of the original with the altered file by the next system start.


Next, the worm creates a random file in Windows directory, containing its code and makes the registry entries: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]{Default} = %WinDIR%\WormName [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]{Default} = %WinDIR%\WormName

If WSOCK32.DLL is infected, the worm searches the network and the Internet through it. HYBRIS is known to have converted its own Plugins to send itself to the server.
설명 삽입자 Crony Walker   2004년 6월 15일 화요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.