Zafi.b - MEDIUM RISK (aka Erkez.B)



#1 harrywaldron


Posted 14 June 2004 - 07:39 AM

This new highly polymorphic worm has just been escalated to Medium Risk. It has the capability of generating the text in multiple languages, which contributes to its effectiveness in spreading. Avoid all email attachments ending with EXE, COM, and PIF (which we should always do). This new worm is network aware and can spread on a Peer-to-peer basis to open file shares on PCs and Servers.

Zafi.b - MEDIUM RISK, aka Erkez.B
http://secunia.com/virus_information/9988/
http://www3.ca.com/securityadvisor/virusin...s.aspx?id=39333
http://vil.nai.com/vil/content/v_126242.htm
http://www.sarc.com/avcenter/venc/data/w32.erkez.b@mm.html
http://times.hankooki.com/lpage/tech/20040...20092511800.htm

This is a mass-mailing worm that constructs messages using its own SMTP engine, spoofing the From: address. It also attempts to propagate via P2P, via copying itself to folders on the local system (containing 'share' or 'upload' in the folder name).

EMAIL Format to block or avoid

From: The "From:" field of the email is spoofed.
Subject: <Blank>
Attachment: <random file name with .com, .exe, or .pif as extension>
Message: <random and different languages>

Edited by harrywaldron, 14 June 2004 - 07:40 AM.
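
One way to apply the "EMAIL Format to block or avoid" list at a mail gateway, as an added example that is not part of the original post: it flags any attachment whose final extension is .exe, .com or .pif and records a blank subject as an extra signal. The function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = (".exe", ".com", ".pif")  # extensions named in the post


def risky_attachments(msg):
    """Return attachment filenames whose final extension is blocked."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before
        # testing; checking only the end also catches "photo.jpg.pif".
        cleaned = name.strip().rstrip(". ").lower()
        if cleaned.endswith(BLOCKED_EXTENSIONS):
            hits.append(name)
    return hits


def classify(raw_bytes):
    """Classify one raw message. From: is ignored because it is spoofed."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = risky_attachments(msg)
    subject = (msg["Subject"] or "").strip()
    return {
        "action": "block" if hits else "pass",
        "attachments": hits,
        "blank_subject": not subject,  # extra signal from the post's format
    }


def build_sample(subject, filename):
    """Constructed test message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["From"] = "someone@example.com"
    m["To"] = "user@example.com"
    if subject:
        m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(b"not a real program", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [(None, "photo.jpg.PIF"), ("Notes", "notes.txt")]:
        print(fname, classify(build_sample(subj, fname)))
```
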

