View full version: W32/Squirm@P2P+MM - Risk 3 - Update


Giorgius
20-08-2003, 10.40.04
It's one of the usual fake Microsoft patches on P2P containing a virus...

http://www.symantec.com/avcenter/graphics/w32.squirm@mm.1.gif
http://www.symantec.com/avcenter/graphics/w32.squirm@mm.2.gif

Aliases:
W32.Squirm@mm (Symantec)

Effects:
W32.Squirm@mm is an Internet worm that is written in C++ and is packed with PEBundle. It attempts to spread using the following methods:
By email, it sends itself to the contacts in the Microsoft Outlook Address Book, with the following message:

From: support@microsoft.com
Subject: Microsoft Security Bulletin
Message:
Unchecked Buffer in Windows Explorer Could Enable System Compromise (329390)
Summary
Who should read this bulletin: Customers using Microsoft Windows 95,98,2K,ME,XP
Impact of vulnerability: Run code of an attacker's choice
Maximum Severity Rating: Critical
Recommendation: Customers using Microsoft Windows 95,98,2K,ME,XP should apply the patch immediately.
Attachment: patch.zip or patch_329390.exe

Through file sharing applications, including KaZaA, Morpheus, eDonkey, Grokster, LimeWire, GNucleus, BearShare, Direct Connect, and ICQ, by placing itself in their default shared folders, if the programs are installed.
By using DCC, the worm sends itself in IRC.
The worm sends a notification to its author when a host is infected and listens on port 61282 for a connection.


Info:
http://www.symantec.com/avcenter/venc/data/w32.squirm@mm.html


AntiVirus updated as of 20.09.03 ;)(Y)
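
The indicators listed in the post above (sender, subject, attachment names, listening port 61282) turned into a small triage check, as an added example that is not part of the original post or of Symantec's write-up. The function names, the two-indicator threshold and the sample message are assumptions; the message is constructed.

```python
import email
import email.utils
from email import policy

# Indicators as listed in the post above.
LURE_FROM = "support@microsoft.com"
LURE_SUBJECT = "microsoft security bulletin"
LURE_ATTACHMENTS = {"patch.zip", "patch_329390.exe"}
WORM_PORT = 61282

def lure_indicators(raw_message: bytes) -> set:
    """Return which of the lure indicators appear in one raw e-mail message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = set()
    if email.utils.parseaddr(str(msg.get("From", "")))[1].lower() == LURE_FROM:
        hits.add("from")
    if str(msg.get("Subject", "")).strip().lower() == LURE_SUBJECT:
        hits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() in LURE_ATTACHMENTS:
            hits.add("attachment")
    return hits

def is_probable_lure(raw_message: bytes) -> bool:
    # Assumed threshold: a listed attachment name plus at least one matching
    # header, because "patch.zip" alone is too generic a name to alert on.
    hits = lure_indicators(raw_message)
    return "attachment" in hits and len(hits) >= 2

def listens_on_worm_port(netstat_output: str) -> bool:
    """True if Windows `netstat -an` text shows a TCP listener on port 61282."""
    for line in netstat_output.splitlines():
        fields = line.split()
        if (len(fields) >= 4 and fields[0].upper() == "TCP"
                and fields[3].upper() == "LISTENING"
                and fields[1].rsplit(":", 1)[-1] == str(WORM_PORT)):
            return True
    return False

# Constructed sample message (not a captured one); the attachment body is a placeholder.
SAMPLE = (b"From: Microsoft <support@microsoft.com>\r\n"
          b"Subject: Microsoft Security Bulletin\r\n"
          b"MIME-Version: 1.0\r\n"
          b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
          b"--b1\r\nContent-Type: text/plain\r\n\r\nSummary ...\r\n"
          b"--b1\r\nContent-Type: application/octet-stream\r\n"
          b'Content-Disposition: attachment; filename="patch_329390.exe"\r\n\r\n'
          b"placeholder\r\n--b1--\r\n")
```

The header checks match on values an attacker can trivially vary, so treat a hit as a reason to quarantine and inspect the attachment, not as a verdict.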