andsome Posted November 9, 2003

- Weekly virus report -

Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, November 9, 2003 - This week's report on malicious code will focus on a worm called Darker.A and four variants of Mimail.

Darker.A reaches computers in an e-mail message that includes an attached file and tries to trick the user into thinking that the attachment is a useful computer application. When this file is run, the worm sends itself out to the contacts it finds on the affected computer (in programs like Outlook or MSN Messenger or in files with certain extensions -WAB, HTM, HTML, TXT, etc.-). This malicious code also tries to spread through the following P2P (peer to peer) file sharing programs: KaZaA, Morpheus and Grokster.

Darker.A replicates by creating copies of itself without infecting other files. It also connects to an IRC server in order to allow hackers to gain remote access to the compromised computer and carry out different actions. These actions include: downloading, running and deleting files, obtaining information on the system, closing antivirus applications and running ICMP commands.

The E, F, G and H variants of Mimail spread in an e-mail message with the subject 'don't be late!' and an attached file called READNOW.ZIP. When this file is decompressed, it creates a file with a double extension called READNOW.DOC.SCR.

These variants of Mimail are designed to send themselves out via e-mail using their own SMTP engine. Similarly, they try to launch Denial of Service (DoS) attacks on several websites and go memory resident in the computer.

The differences between these variants include the following:

- The servers they launch Denial of Service attacks on: Variants E and F target spews.org, spamhaus.org and spamcop.net, whereas variant F attacks fethard.biz and fethard-finance.com, and the objective of variant G is mysupersales.com.
- All four variants are written in the C programming language with the LCC-Win32 compiler. They are 10,784 bytes in size when compressed with UPX and, when they are decompressed, the size of variants E, F and H increases to 23,072 bytes, whereas the size of variant G increases to 22,560 bytes.

Unlike Mimail and Mimail.B, variants E, F, G and H do not exploit the Codebase and MHTML vulnerabilities to spread.

For further information about these and other malicious code, visit Panda Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia

NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.

------------------------------------------------------------
To unsubscribe from Oxygen3 24h-365d, please visit:
http://www.pandasoftware.com/unsubscribe.asp
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------
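The Mimail E/F/G/H lure described in the report above (a READNOW.ZIP attachment whose member READNOW.DOC.SCR carries a double extension ending in an executable type) is the kind of thing a mail gateway can block before any signature exists. The following is an added example, not code from Panda Software or from the original post: it builds a constructed sample message that mimics the lure, walks the MIME parts, opens ZIP attachments in memory and flags members whose final extension is a Windows executable type hiding behind a document extension. The executable-extension list, the sample addresses and the function names are assumptions made for this example.

```python
"""Flag mail attachments that match a double-extension ZIP lure such as the
READNOW.ZIP / READNOW.DOC.SCR pattern. Added example; sample data is constructed."""
import io
import email
import zipfile
from email.message import EmailMessage

# Assumed list of extensions Windows will execute; .scr screen savers are PE files.
EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}


def is_double_ext_executable(name: str) -> bool:
    """True for names like READNOW.DOC.SCR: two or more extensions, last one executable."""
    base = name.lower().rsplit("/", 1)[-1]          # strip any ZIP directory prefix
    parts = base.split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXT


def suspicious_zip_members(zip_bytes: bytes) -> list[str]:
    """Return ZIP member names that look like disguised executables; [] if not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if is_double_ext_executable(n)]
    except zipfile.BadZipFile:
        return []


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Walk a raw RFC 822 message and return (attachment, offending member) pairs."""
    msg = email.message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        fname = part.get_filename()
        if not fname:
            continue                                  # body parts, multipart containers
        payload = part.get_payload(decode=True) or b""
        if fname.lower().endswith(".zip"):
            for member in suspicious_zip_members(payload):
                hits.append((fname, member))
        elif is_double_ext_executable(fname):
            hits.append((fname, fname))               # bare double-extension attachment
    return hits


def build_sample_message(member_name: str = "READNOW.DOC.SCR") -> bytes:
    """Constructed sample resembling the lure in the report; payload is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"MZ placeholder, not a real executable")
    msg = EmailMessage()
    msg["Subject"] = "don't be late!"
    msg["From"] = "someone@example.invalid"            # assumed addresses
    msg["To"] = "victim@example.invalid"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="READNOW.ZIP")
    return bytes(msg)


if __name__ == "__main__":
    for attachment, member in scan_message(build_sample_message()):
        print(f"BLOCK {attachment}: contains {member}")
```

The check is deliberately name-based and cheap, so it runs at the gateway on every message; it complements rather than replaces content scanning, because a ZIP member named plainly `invoice.exe` (single extension) passes `is_double_ext_executable` and needs a separate executable-attachment rule.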