New virus out there, not sure how good it is at spreading, but the
payload is highly destructive. Update your virus signatures...
- Tony Drews
>From Computer Associates:
=============================================
Win32/Vote.A.Worm
=============================================
Vote is a new worm that spreads through email
using MAPI and the Microsoft Outlook Address
Book.
Subject: Fwd:Peace BeTweeN AmeriCa And IsLaM !
Body:
Hi
iS iT A waR Against AmeriCa Or IsLaM !?
Let's Vote To Live in Peace!
Attachment: WTC.exe
The worm then opens 2 Microsoft Internet
Explorer applications with URLs directed at
websites with malicious content.
The worm also drops 2 VBS trojan files into
the Windows and System directories. The first
trojan, C:\Windows\MixDaLaL.vbs, attempts to
overwrite any HTML/HTM files on both local and
network drives. The 2nd trojan,
C:\Windows\System\ZaCker.vbs, attempts to
delete all files in the Windows directory.
It then modifies autoexec.bat to reformat the
C: drive upon reboot.
The worm makes two registry modifications:
HKLM\Software\Windows\CurrentVersion\Run\Norton.Thar =
"C:\Windows\System\ZaCker.vbs"
HKCU\software\microsoft\internet Explorer\main\start Page =
"http:
//us.f1.yahoofs.com/users/da36d538/bc/TimeUpdate.exe?bcaVq97ATaW0yAxk"
|