''Here You Have'' is one of the widely spread viruses on the internet these days. It comes as an email to inbox and states like as the subject "Subject: Here you have or Just for you". It is also called
W32/VBMania@MM
The message gives you a link that gives us a pdf file download which indeed is a link that downloads .scr files. in the body of the message stating as:
This is The Document I told you about,you can find it Here.
http://www.sharedocuments.com/library/PDF_Document21.025542010.pdf
Please check it and reply as soon as possible.
Cheers,
or
Hello:
This is The Free Dowload Sex Movies,you can find it Here.
http://www.sharemovies.com/library/SEX21.025542010.wmv
When a user chooses to manually follow the hyperlink, they will be prompted to download or execute the virus. When run, the virus installs itself to the Windows directory as CSRSS.EXE (not to be confused with the valid CSRSS.EXE file within the Windows System directory). It also makes changes to the file in the location %WINDIR%\system32\drivers\etc\hosts. Once infected the worm attempts to send the aforementioned message to email address book recipients. It can also spread through accessible remote machines, mapped drives, and removable media via Autorun replication.
The virus is found in following remote machines:
- c:\N73.Image12.03.2009.JPG.scr
- d:\N73.Image12.03.2009.JPG.scr
- E:\N73.Image12.03.2009.JPG.scr
- F:\N73.Image12.03.2009.JPG.scr
- G:\N73.Image12.03.2009.JPG.scr
- H:\N73.Image12.03.2009.JPG.scr
- New Folder\N73.Image12.03.2009.JPG.scr
- music\N73.Image12.03.2009.JPG.scr
- print\N73.Image12.03.2009.JPG.scr
- ff.iq
- gc.iq
- ie.iq
- im.iq
- m.iq
- op.iq
- pspv.iq
- rd.iq
- w.iq
- SendEmail.iq
- hst.iq
- tryme.iq
0 comments:
Post a Comment