|
| HOMEPAGE | INDICE FORUM | REGOLAMENTO | ::. | NEI PREFERITI | .:: | RSS Forum | RSS News | NEWS web | NEWS software | |
| PUBBLICITA' | | | ARTICOLI | WIN XP | VISTA | WIN 7 | REGISTRI | SOFTWARE | MANUALI | RECENSIONI | LINUX | HUMOR | HARDWARE | DOWNLOAD | | | CERCA nel FORUM » | |
19-09-2003, 22.59.40 | #1 |
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
|
Worm.W32/Yahaa.W@MM - Rischio 4 - Update
(ASCA) - Roma, 19 set - Un nuovo identity file (Ide) e' disponibile sul sito di Sophos e sara' incluso nella versione di novembre 2003 (3.75) di Sophos Anti-Virus. Finora Sophos ha ricevuto solo una segnalazione su W32/Yaha-W, un worm costituito da un file a 32 bit. Questo worm e' anche noto come I-Worm.Lentin.q, W32/Yaha.x@MM virus, W32.Yaha.AB@mm, WORM_YAHA.U. Maggiori informazioni su W32/Yaha-W sono disponibili all'indirizzo www.sophos.com/virusinfo/analyses/w32yahaw.html. E' possibile scaricare il file Ide da www.sophos.com/downloads/ide/yaha-w.ide. Per informazioni su come usare i file Ide: www.sophos.com/support/faqs/usingides.html. L'ennesima variante di questo Worm, ma pare che abbia uno sviluppo della sua diffusione già da oggi come il Worm "Swen". Effetti: This YAHA variant attempts to propagate via email and shared network drives. It logs keystrokes on the machine and sends it to an email address. It terminates antivirus-related processes on the system and prevents the following applications from running: Process Viewer Registry Editor System Configuration Utility Windows Task Manager It tries to launch denial of service (DoS) attacks against the following Web sites: jamaat.org pak.gov.pk klc.org.pk ummah.org.uk piac.com.pk Aside from propagating via shared network drives, this worm uses its own Simple Mail Transfer Protocol (SMTP) engine to send copies of itself via email to addresses found in the following: Windows Address Book ListCache of .NET messenger ListCache of MSN messenger Yahoo profiles ICQ profiles \*HoTMaiL*.*ht* (All files with file names containing the string “HoTMaiL" and extensions containing "ht".) \*.*ht* (All files with file names containing the extension "ht".) Info: http://www.trendmicro.com/vinfo/viru...me=WORM_YAHA.W Occhio è pericoloso per la stabilità di Windows Aggiornamento AntiVirus al 19.09.3 (Y) Ultima modifica di Giorgius : 19-09-2003 alle ore 23.09.52 |
20-09-2003, 11.12.21 | #2 |
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
|
Info sui file E-Mail allegati contenenti la variante "W" di Yahaa:
BE_HAPPY.SCR BEAUTIFULL.SCR BEST_FRIEND.SCR BODY_BUILDING.SCR BRITNEY_SAMPLE.SCR CODEPROJECT.SCR COLOUR_OF_LIFE.SCR CUPID.SCR DANCE.SCR FIXELKERN.COM FIXKLEZ.COM FREAKOUT.EXE Free_Love_Screensavers.scr FRIEND_FINDER.EXE FRIEND_HAPPY.SCR FRIENDSHIP.SCR FRIENDSHIP_FUNNY.SCR FUNNY.SCR GC_MESSENGER.EXE HACKER.SCR Hacker_The_LoveStory.scr HARDCORE4FREE.SCR HOTMAIL_HACK.EXE I_LIKE_YOU.SCR I_Love_You.scr JENNA_JEMSON.SCR King_of_Figthers.exe KOF.EXE KOF_DEMO.EXE KOF_FIGHTING.EXE KOF_SAMPLE.EXE KOF_THE_GAME.EXE KOF2002.EXE LIFE.SCR LOVE.SCR MY_SEXY_PIC.SCR MYPIC.SCR MYPROFILE.SCR NOTES.EXE PEACE.SCR PLAYBOY.SCR PLUS2.SCR PLUS6.SCR PROJECT.EXE RAVS.SCR REAL.SCR ROMANTIC.SCR ROMEO_JULIET.SCR SCREENSAVERS.SCR SERVICES.SCR Sex.scrSoccer.scr SEXY_JENNA.SCR SHAKE.SCR SQL_4_FREE.SCR STONE.SCR SWEET.SCR SWEETHEART.SCR THE_BEST.SCR THEROCK.SCR TRUE_LOVE.SCR UP_LIFE.SCR VALENTINES_DAY.SCR VXer_The_LoveStory.scr Ways_To_Earn_Money.exe WORLD_OF_FRIENDSHIP.SCR WORLD_TOUR.SCR XXX4FREE.SCR ZDENKA.SCR ZXXX_BROWSER.EXE |
20-09-2003, 11.13.47 | #3 |
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
|
Info sulle frasi in oggetto delle Mail infette da Yahaa.W:
XXX Screensavers XXX Screensavers 4 U World Tour WWE Screensavers Whats up Who is your Valentine We want peace Wanna Rumble ?? Wanna Hack ?? Wanna Brawl ?? Wanna be my sweetheart ?? Wanna be like a stone ? Wanna be friends ?? Things to note Visit us Sexy Screensavers 4 U The King of KOF Screensavers from Club Jenna Sample Screensavers Sample Playboy Sample KOF 2002 Project Patch for Klez.H Play KOF 2002 4 Free Patch for Klez.H Patch for Elkern.gen Need money ?? Lovers Corner Learn SQL 4 Free I Love You.. Jenna 4 U HE-MAN Free XXX Hardcore Screensavers 4 U Free Win32 API source Free Screensavers Free Screensavers Free Screensavers 4 U Free Screensavers 4 U Free Screenavers of Love Free rAVs Screensavers Free Demo Game Freak Out Feel the fragrance of Love Demo KOF 2002 Check it out Check it out Check it out Are you the BEST Are you beautiful Are you a Soccer Fan ? |
20-09-2003, 11.32.47 | #4 |
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
|
E' stata rilasciata la nuova Release Stinger v1.8.6 Download: Mirror: http://download.nai.com/products/mca...rt/stinger.exe Rileva: This version of Stinger includes detection for all known variants, as of September 19, 2003: BackDoor-AQJ Bat/Mumu.worm Exploit-DcomRpc IPCScan IRC/Flood.ap IRC/Flood.bi IRC/Flood.cd NTServiceLoader PWS-Narod PWS-Sincom W32/Bugbear@MM W32/Deborm.worm.gen W32/Dumaru@MM W32/Elkern.cav W32/Fizzer.gen@MM W32/FunLove W32/Klez W32/Lirva W32/Lovgate W32/Lovsan.worm W32/Mimail@MM W32/MoFei.worm W32/Mumu.b.worm W32/Nachi.worm W32/Nimda W32/Sdbot.worm.gen W32/SirCam@MM W32/Sobig W32/SQLSlammer.worm W32/Swen@MM W32/Yaha@MM |
Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti) | |
Strumenti discussione | |
|
|
Discussioni simili | ||||
Discussione | Autore discussione | Forum | Risposte | Ultimo messaggio |
AutoPatcher Vista June 2007 | giancarlof | Segnalazioni Web | 4 | 07-08-2007 22.16.05 |
Bios Updates | Billow | Archivio News Web | 0 | 08-11-2004 10.28.25 |
Bios Updates | Billow | Archivio News Web | 0 | 04-10-2004 18.04.22 |
Bios Updates | Billow | Archivio News Web | 0 | 17-09-2004 11.37.53 |
Bios Updates | Billow | Archivio News Web | 1 | 15-09-2004 01.08.01 |