oblongmelon
09-04-2001, 05:48 PM
Here's the latest-thank god for AVG for if it wasn't for their notifications I'd be infected to high heaven.
DESCRIPTON:
I-Worm/Apost
------------
It is a new mass mailing worm written in Visual Basic.
The worm is spreading as a file README.EXE in messages with the
subject:
As per your request!
and the body:
Please find attached file for your review.
I look forward to hear from you again very soon.
Thank you.
When is the README.EXE file is executed it copies itself into Windows
directory and create in the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
a value named "macrosoft"
pointing to the dropped copy of the worm.
Then the worm takes email addresses from Outlook address book
and starts sending itself.
Next, it displays a message box with a button 'Open'. When
you click on it, a fake error message appears:
WinZip SelfExtractor: Warning
CRC eror: 234#21
Update 276, that detects this worm, is ready on our web.
DESCRIPTON:
I-Worm/Apost
------------
It is a new mass mailing worm written in Visual Basic.
The worm is spreading as a file README.EXE in messages with the
subject:
As per your request!
and the body:
Please find attached file for your review.
I look forward to hear from you again very soon.
Thank you.
When is the README.EXE file is executed it copies itself into Windows
directory and create in the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
a value named "macrosoft"
pointing to the dropped copy of the worm.
Then the worm takes email addresses from Outlook address book
and starts sending itself.
Next, it displays a message box with a button 'Open'. When
you click on it, a fake error message appears:
WinZip SelfExtractor: Warning
CRC eror: 234#21
Update 276, that detects this worm, is ready on our web.