Red Hat NETSCAPE ENTERPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR User Manual, Page 26

NIPC CyberNotes #2002-12 Page 26 of 33 06/17/2002
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Runonce = C:\<Windows system folder>\runouce.exe
The worm also creates several EML files with the name <computername>.eml on network drives. These
EML files contain a base64-encoded copy of the worm.
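
The following is an added example, not part of the bulletin: a triage check for .eml files that decodes each MIME part and flags executable content by its header bytes rather than by its file name, since the EML files described above carry the worm base64-encoded. The sample message, its file names and the extension list are constructed for illustration.

```python
import base64
from email import message_from_bytes, policy

# Assumption: extensions treated as executable for this illustration.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")

def scan_eml(raw: bytes):
    """Return (filename, reason) for every part that looks executable."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        # decode=True reverses the base64 transfer encoding
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":  # DOS/PE executable magic bytes
            findings.append((name, "PE/MZ header in decoded content"))
        elif name.lower().endswith(EXEC_EXTS):
            findings.append((name, "executable extension"))
    return findings

def build_sample() -> bytes:
    """Constructed message: harmless stand-in bytes, not real malware."""
    stub = base64.b64encode(b"MZ" + b"\x00" * 30).decode()
    text = base64.b64encode(b"placeholder, not a binary").decode()
    return (
        "From: sender@example.invalid\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\n"
        "Content-Type: text/plain\r\n\r\nhello\r\n"
        "--b1\r\n"
        'Content-Type: audio/x-wav; name="notes.wav"\r\n'
        "Content-Transfer-Encoding: base64\r\n"
        'Content-Disposition: attachment; filename="notes.wav"\r\n\r\n'
        f"{stub}\r\n"
        "--b1\r\n"
        "Content-Type: application/octet-stream\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        'Content-Disposition: attachment; filename="DISNEY.SCR"\r\n\r\n'
        f"{text}\r\n"
        "--b1--\r\n"
    ).encode()

if __name__ == "__main__":
    for name, reason in scan_eml(build_sample()):
        print(f"{name}: {reason}")
```

The first finding shows why content inspection matters: the part is named notes.wav but decodes to data that starts with an executable header.
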
W32.Alcarys.G@mm (Aliases: WORM_NEYSID.A, W32.Neysid@mm, W97M.Alcarys.G@mm,
W97M.Neysid@mm, X97M.Alcarys.G@mm, X97M.Neysid@mm) (Win32 Virus): This is a worm that
is written in Visual Basic. It requires Visual Basic runtime libraries to function on a host system. It uses
mIRC and Microsoft Outlook to spread, and it infects Microsoft Office documents and workbooks. The
worm will arrive in an e-mail with 1 of 7 randomly chosen subjects, and 4 attachments (all copies of the
worm). Three of the attachments are randomly named, and the 4th will be DISNEY.SCR. This worm
attempts to distribute itself using files on systems that may be using the Kazaa file-sharing client
application. When W32.Alcarys.G@mm is executed, it copies itself to several different locations on the
hard disk and creates many copies of itself. It adds eight copies of itself on the desktop alone. Furthermore,
it opens several Internet Explorer windows and it attempts to download an additional executable file.
W32.HLLW.Nople (Win32 Virus): This is a network-aware worm that copies itself to all remote
computers as the file C:\Winnt\Noplease_flash_movie.exe. Indications that a computer has been infected
are the presence of the Noplease_flash_movie.exe file or the message "Es hora de formatear tu disco."
W32.Pet_ticky.gen (Win32 Virus): This is a mass mailer that sends itself to all contacts in the Microsoft
Outlook Address Book. The worm is a compiled Visual Basic executable that has been compressed with
UPX. The worm arrives in an e-mail with the following characteristics:
Subject: New Visual Tool for U
Attachments: Visual_tool.exe
W32.Shermnar.Worm (Win32 Worm): This is a worm that attempts to spread through the peer-to-peer
Kazaa network. It creates multiple copies of itself on an infected machine under a variety of names. It may
be found as a file named NortonAntivirus2002UpdateInstaler.exe.
W97M.Locus (Word 97 Macro Virus): This is a macro virus that infects Microsoft Word documents and
templates. This virus does not contain a damaging payload. W97M.Locus activates when opening infected
documents. It checks for the presence of a high ASCII string in the macro module of host files. If the string
is not found, the virus infects the host file. This virus has this comment line in the viral body:
'Locust_Ver.01
W97M.Nori.A (Word 97 Macro Virus): This is a Microsoft Word macro virus that carries a potentially
very destructive payload. The payload is activated on April 1 of every year, and it deletes either all files on
your hard disk (rare) or all the text from the body of infected documents. W97M.Nori.A spreads when an
infected Word document is opened or closed. It also spreads to any new document if that document is
created while an infected document is active. During execution, W97M.Nori.A turns off the following
settings in Word:
Macro virus protection (VirusProtection)
The prompt to confirm conversion when opening a document (ConfirmConversion)
The prompt to confirm saving of the global template, Normal.dot (SaveNormalPrompt)
W97M.Nori.A also prevents you from viewing the Visual Basic Editor. During infection, W97M.Nori.A
creates a temporary file named C:\Iron.tmp. It uses this file to spread between documents and the global
template. After infection, the virus deletes this file.
WORM_CHIR.A (Aliases: W32/Chir@MM, I-Worm.Runouce, Win32/Chir.A@mm) (Internet
Worm): This worm propagates by sending the following e-mail to all addresses in an infected user’s
Microsoft Outlook address book:
From: iloveyou@btamail.net.cn
Message Body:
Subject: Hi, i am <username>
Attachment: P.exe