Virus alerts for Feb 2005 Current virus alerts here. |
We stock the most efficient anti virus program which checks for updates hourly
Get in touch for a one month free antivirus trial.
Feb 26 2005 Larissa Loves You - WORM_ASSIRAL.A WORM_ASSIRAL.A is a memory-resident worm that arrives as an email attachment. It propagates by sending copies of itself via email to addresses found in Microsoft Outlook, and by dropping a copy of itself in the root folder of all network and fixed drives connected to affected machines. It is currently spreading in-the-wild, and infecting computers running Windows 98, ME, NT, 2000, and XP. Upon execution, it drops the following files in the following locations: * %System%\MS_LARISSA.EXE The file LARISSA_ANTI_BROPIA.HTML displays text on affected machines' Internet browsers. The file MESSAGE.TXT contains the following strings: Greetz from LARISSA.B! The worm's component file, WINVBS_32.VBS, is used to propagate the email. It sends copies of itself to addresses in Microsoft Outlook, with the following details: Subject: Re: LOV YA ! This worm may also propagate through the network by dropping a copy of itself in the root folder of all network and fixed drives connected to affected machines. Certain processes that are associated with antivirus and monitoring applications are terminated by the worm, as well as certain processes associated with variants of WORM_BROPIA. View the list of terminated processes. Get in touch for a one month free antivirus trial. Top 10 Most Prevalent Global Malware 1. WORM_NETSKY.P Feb 17 2005 WORM_MYDOOM.BB 12website.com received numerous infection reports indicating that this malware is spreading in Singapore and U.S. It has very similar characteristics as with WORM_MYDOOM.M. However, this new MYDOOM worm comes compressed with MEW compression tool, whereas WORM_MYDOOM.M is compressed using UPX. Like earlier MYDOOM variants, this worm spreads via email through SMTP (Simple Mail Transfer Protocol), gathering target recipients from the Windows Address Book, the Temporary Internet Files folder, and certain fixed drives. Apart from simply spreading via email, this worm also carries backdoor functionalities that leaves the infected machine vulnerable to remote access. It drops a backdoor component named SERVICES.EXE in the Windows folder, which opens TCP port 1034 and waits for outside connections. This routine virtually hands over control of the affected machine to a remote attacker. Get in touch for a one month free antivirus trial. Feb 14 Locked Up - SYMBOS_LOCKNUT.A SYMBOS_LOCKNUT.A is memory-resident malware that infects mobile devices running Symbian 7.0s Operating System, but does not propagate. It uses a vulnerability in Symbian OS v7.0s to cause a system process crash which locks the mobile device. It drops several files and folders in the C: directory of the phone, which disable several special buttons of the phone, leaving only the kepyad buttons enabled. It also infects mobile devices running Symbian OS v6.1 and v7.0 but fails to cause the system to crash. This malware usually arrives as an installation file with the following file names: * Patch_v1.sis Upon installation, this malware drops the following files and folders in the C: directory of the phone: * system\apps\gavno\gavno.app It also drops a copy of itself as PATCH.SIS in the C: directory of the phone. These files are specially crafted to disable most of the special buttons of the phone, leaving only the keypad buttons enabled. It can also infect mobile devices running Symbian OS v6.1 and v7.0 but fails to cause the system to crash. Get in touch for a one month free antivirus trial. Top 10 Most Prevalent Global Malware 1. WORM_NETSKY.P Feb 8 2005 MSN Messenger Worm - Funky Chicken - WORM_BROPIA.F On February 3 a Medium Risk alert was declared for WORM_BROPIA.F Upon execution, this worm drops a copy of itself in the Windows system folder MSNUS.EXE. It also drops a copy of itself in the root folder (usually C:\) using any of the following file names: * Bedroom-thongs.pif It also drops and executes the file SEXY.JPG in the same folder. This .JPG file displays an image. The worm propagates via MSN Messenger by sending a copy of itself to all online contacts, using any of the file names listed above. It also attempts to propagate via Windows Messenger, however, the application automatically blocks the file transfer. This worm attempts to drop and execute the file CZ.EXE in the root folder. If successfully dropped, the file CZ.EXE then drops and executes a copy of itself in the Windows system folder as WINHOST.EXE. However, it first checks whether any of the following malicious files already exist on the affected system: * DNSSERV.EXE If any of these files already exist, the worm will not drop the file WINHOST.EXE and will instead proceed with its propagation routine. This worm also has an anti-debugging technique. It will not run if any of the following debugging applications are currently running on the affected system: * NT-ice It is also capable of setting the affected system's volume levels to zero, which may be used to prevent users from hearing any sound prompts, especially those that may be coming from antivirus and security applications. Get in touch for a one month free antivirus trial. Top 10 Most Prevalent Global Malware 1. WORM_NETSKY.P Get in touch for a one month free antivirus trial. 12website has a maintenance program for our clients to ensure their will not be 'let down' by an inefficient computer. Computer maintenance is necessary to keep your machine running smoothly without down time. |