December 25, 2010

"Here you have" Virus

"Here You Have" is one of the most widely spread viruses on the internet these days. It arrives as an email in the inbox with the subject line "Here you have" or "Just for you". It is also called W32/VBMania@MM.

The body of the message contains a link that appears to lead to a PDF file download but in fact downloads a .scr file. The body of the message reads:


 This is The Document I told you about,you can find it Here.
http://www.sharedocuments.com/library/PDF_Document21.025542010.pdf

 Please check it and reply as soon as possible.

Cheers,
or
Hello:

This is The Free Dowload Sex Movies,you can find it Here.
http://www.sharemovies.com/library/SEX21.025542010.wmv 



When a user chooses to manually follow the hyperlink, they will be prompted to download or execute the virus. When run, the virus installs itself to the Windows directory as CSRSS.EXE (not to be confused with the valid CSRSS.EXE file within the Windows System directory). It also modifies the hosts file at %WINDIR%\system32\drivers\etc\hosts. Once the machine is infected, the worm attempts to send the aforementioned message to email address book recipients. It can also spread through accessible remote machines, mapped drives, and removable media via Autorun replication.

The virus is found in the following locations on remote machines:


  • c:\N73.Image12.03.2009.JPG.scr
  • d:\N73.Image12.03.2009.JPG.scr
  • E:\N73.Image12.03.2009.JPG.scr
  • F:\N73.Image12.03.2009.JPG.scr
  • G:\N73.Image12.03.2009.JPG.scr
  • H:\N73.Image12.03.2009.JPG.scr
  • New Folder\N73.Image12.03.2009.JPG.scr
  • music\N73.Image12.03.2009.JPG.scr
  • print\N73.Image12.03.2009.JPG.scr

It can access network drives as well. On every drive it attacks, it creates an executable named open.exe, which autorun.inf points to, and it stops the services of most security programs. It downloads the following files, which carry the .iq extension:

  • ff.iq
  • gc.iq
  • ie.iq
  • im.iq
  • m.iq
  • op.iq
  • pspv.iq
  • rd.iq
  • w.iq
  • SendEmail.iq
  • hst.iq
  • tryme.iq
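
The file-system indicators described above (a media name followed by .scr, an autorun.inf that launches a program, and a CSRSS.EXE sitting directly in the Windows directory) can be checked with a short triage script. The Python sketch below is an added example, not code from the original post or from any vendor's removal tool; the extension lists, the function names and the autorun.inf contents are assumptions, and the tree it scans is constructed from empty placeholder files.

```python
import os
import re
import tempfile
from pathlib import Path

DECOY_EXT = {".jpg", ".jpeg", ".gif", ".pdf", ".doc", ".wmv"}  # what the user thinks it is
EXEC_EXT = {".scr", ".exe", ".pif", ".com"}                    # what Windows will run
AUTORUN_KEY = re.compile(r"^\s*(?:open|shellexecute)\s*=\s*(.+?)\s*$", re.I)

def autorun_targets(inf_path):
    """Return the programs an autorun.inf asks Windows to launch."""
    lines = Path(inf_path).read_text(errors="replace").splitlines()
    return [m.group(1) for m in map(AUTORUN_KEY.match, lines) if m]

def scan(root, windir_name="Windows"):
    """Walk root and return sorted (indicator, relative_path) findings."""
    root, findings = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            rel = path.relative_to(root).as_posix()
            ext = [s.lower() for s in path.suffixes]
            if len(ext) >= 2 and ext[-1] in EXEC_EXT and ext[-2] in DECOY_EXT:
                findings.append(("double-extension", rel))
            if name.lower() == "autorun.inf":
                findings += [("autorun->" + t.lower(), rel) for t in autorun_targets(path)]
            # The genuine csrss.exe sits in <windir>/System32, never in <windir> itself.
            if name.lower() == "csrss.exe" and Path(dirpath).name.lower() == windir_name.lower():
                findings.append(("csrss-outside-system32", rel))
    return sorted(findings)

def demo():
    """Build a constructed directory tree (empty placeholder files) and scan it."""
    sample = {
        "Windows/csrss.exe": "",                      # masquerading copy
        "Windows/System32/csrss.exe": "",             # legitimate location
        "share/N73.Image12.03.2009.JPG.scr": "",      # file name from the post
        "share/autorun.inf": "[autorun]\nopen=open.exe\n",  # constructed content
        "share/open.exe": "",
        "share/holiday.jpg": "",                      # benign
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in sample.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan(tmp)

if __name__ == "__main__":
    for indicator, rel in demo():
        print(f"{indicator:28} {rel}")
```

To check a real share or removable drive, call `scan()` with its root path; a hit is a reason to look closer, not proof of infection.
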

Many anti-virus companies, including McAfee and Symantec, are researching this virus and have released free removal tools that stop the initial, low-threat-level versions of it. They will come out with additional protection tools very soon.
