Win32.Frethem.F@mm


Type: Executable Mass Mailer
Size: ~35Kbytes
Spreading: Medium
Risk: Very low
ITW: No

Symptoms:
- The file setup.exe in the StartUp directory (usually C:\Windows\Start Menu\Programs\StartUp or %USERPROFILE%\Start Menu\Programs\StartUp)

Technical description:

This virus is an Internet worm that spreads by e-mail as an attached file. It is written in Visual C and compressed with UPX and PePack.

An infected e-mail has the following form:

From:
Subject: Re: Your password!
Body: ATTENTION! You can access very important information by this password DO NOT SAVE password to disk use your mind now press cancel
Attachments: ,password.txt
B: Your password placed in password.txt yourpassword.exe
C: Your password placed in password.txt yourpassword.exe
D: decrypt-password.exe
E: Your password placed in password.txt yourpassword.exe
F: decrypt-password.exe

The first variant (Win32.Frethem.F@mm) uses e-mails of the following form:

Subject: Re: Do your Windows looks like Windows XP? I have found very nice desktop themes!
Body: Hello! Do you like modern design of new Windows XP?! I have found FREE and easy to use desktop themes! You can open attach with web site and samples! Enjoy it!!! www.freedesktopthemes.com

The e-mail also uses the IFRAME vulnerability (described by Microsoft at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp), so a user who reads e-mail with an unpatched version of Microsoft Outlook or Microsoft Outlook Express will be infected when viewing the message in the preview pane.

The virus copies itself as setup.exe into the StartUp directory (as shown in the "Symptoms" section).

The virus uses the victim's SMTP servers and the e-mail addresses found in the Windows Address Book (used by Outlook Express) and in DBX files to send infected e-mails.
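The e-mail traits described above (subject lines, attachment names, an IFRAME in the HTML body) can be checked at a mail gateway or over an archived mailbox. The following is an added example, not part of the original write-up or of any BitDefender tooling; the function name, the cid: IFRAME heuristic and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Indicators taken from the description above.
SUBJECT_PREFIXES = ("Re: Your password!", "Re: Do your Windows looks like Windows XP?")
ATTACHMENT_NAMES = {"decrypt-password.exe", "yourpassword.exe", "password.txt"}
# Assumed heuristic: an IFRAME whose source points at a part of the same message.
IFRAME_CID = re.compile(r"<iframe[^>]+src\s*=\s*[\"']?cid:", re.IGNORECASE)

def frethem_indicators(raw):
    """Return the indicators from the write-up that a raw RFC 822 message matches."""
    msg = message_from_string(raw)
    hits = []
    subject = " ".join((msg.get("Subject") or "").split())  # unfold header lines
    if subject.startswith(SUBJECT_PREFIXES):
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name in ATTACHMENT_NAMES:
            hits.append("attachment:" + name)
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            if IFRAME_CID.search(payload.decode("latin-1")):
                hits.append("iframe-cid")
    return hits

# Constructed sample message (no real payload), used only to exercise the check.
SAMPLE_WORM = """\
From: sender@example.invalid
Subject: Re: Your password!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>ATTENTION!<iframe src="cid:part1"></iframe></body></html>
--b1
Content-Type: application/octet-stream; name="decrypt-password.exe"
Content-Disposition: attachment; filename="decrypt-password.exe"
Content-ID: <part1>

(constructed placeholder, no real payload)
--b1--
"""

if __name__ == "__main__":
    print(frethem_indicators(SAMPLE_WORM))
```

A single hit such as password.txt is weak on its own; treat a message as suspicious when the subject match coincides with an attachment or IFRAME hit.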
Note: The viruses in this section were analyzed by Softwin and can be removed with the Romanian antivirus BitDefender (AVX).