VIRUSUL SAPTAMANII

W32/Mimail.t@MM Dupa aparitia unui virus extrem de periculos, ce a afectat calculatoarele din intreaga lume, si care mai este inca in circulatie, in spatiul virtual au faost lansate noi amenintari.

W32/Mimail.t@MM
Dupa aparitia unui virus extrem de periculos, ce a afectat calculatoarele din intreaga lume, si care mai este inca in circulatie, in spatiul virtual au faost lansate noi amenintari. Din fericire, nu la fel de periculoase, fiind variante modificate ale unor virusi mai vechi. Din nou email-ul este mediul preferat de propagare a amenintarilor informatice. W32/Mimail.t@MM vine in varianta executabila (14.880 bytes) sau arhivat zip (13.503 bytes). E-mail-ul infectat are urmatoarea forma: De la: "Nancy" Subiect: Re:Gollum Hi Gollum its Nancy., I was shocked, when I found out that it wasn't you but your twin brother!!! That's amazing, you're as like as two peas. No one in bed is better than you Gollum. I remember, I remember everything very well, that promised you to tell how it was, I'll give you a call today after 9. ... omitted ... I'm so thankful to you, for acquainted me to your brother. I think we can do it on the next Saturday all three together? What do you think? O yes, as you wanted I've made a few pictures check them out in archive, I hope they will excite you, and you will dream of our new meeting... Atasament : * Fail.hta (un fisier zip protejat prin parola - 13,503 bytes), ce contine test.exe (14,880 bytes). * Utilizatorii vor receptiona un alt e-mail cu parola fisierului ZIP. Virusul verifica daca Internetul este accesibil pentru a se conecta la site-ul www.google.com. Sunt cautate adrese de e-mail in fisierele computerului. Se ignora fisiere de tipul: .avi; .bmp; .cab; .com; .dll; .exe; .gif; .jpg; .mp3; .mpg; .ocx; .pdf; .psd; .rar; .tif; .vxd; .wav; .zip . Totodata, virusul executa un atac la urmatoarele domenii prin cresterea traficului HTTP si ICMP: darkprofits.ws; darkprofits.cc; darkprofits.net; darkprofits.com; www.darkprofits.ws; www.darkprofits.cc; www.darkprofits.net; www.darkprofits.com. Dupa executare urmatoarele fisiere vor fi create de virus: - %Windir%\Kaspersky.exe - %Windir%\outlook.cfg - %Windir%\ ee98af.tmp Urmatoarea cheie este creata in registrii pentru ca virusul sa fie rulat la pornirea sistemului: HKEY_LOCAL_ MACHINE\ Software\Microsoft\Windows\ CurrentVersion\Run "KasperskyAV"= %WINDIR%\Kaspersky.exe. Acest virus se lanseaza numai manual, prin executarea fisierului atasat din e-mail.