ALERT:Reteras Redux: The Worm Returns
<blockquote data-quote="net1" data-source="post: 26230"><p>Type: Worm</p><p>Aliases: W32.Sobig.F@mm, WORM_SOBIG.F, I-Worm.Sobig.f, W32/Sobig.F-mm</p><p>Vulnerable Operating Systems: Windows 95/98/ME/NT/2000/XP.</p><p>How It Infects: Through infected email attachments or shared network folders.</p><p></p><p>What It Does:</p><p>- Scours files on your hard drive for email addresses, then sends infected email to the addresses it finds.</p><p>- Spoofs (mimics) the From: email address to make people think the message is from you or someone they might know. The email address will either be one found on your computer or <a href="mailto:admin@internet.com">admin@internet.com</a>.</p><p>- Modifies your computer's registry so that it loads itself whenever Windows starts.</p><p>- Places infected files onto your computer.</p><p>- Infects networked computers through their shared folders.</p><p>- Attempts to contact a list of web servers and access an address where it can download files to your computer, files such as spyware, trojans, or newer versions of itself.</p><p>- Reportedly, Win32.HLLM.Reteras may use your computer as a relay server for spam.</p><p>- Stops its mass mailing on September 10, 2003, although the computer is still infected and needs to have the worm removed completely. If this worm follows its previous versions, it is expected to make some changes to the subject lines or attachment names, and change the registry and file entries it makes. 
We will continue to update Stop-Sign to remove this worm.</p><p></p><p>The email subject line may include any of the following:</p><p>Re: Approved</p><p>Re: Details</p><p>Re: Re: My details </p><p>Re: Thank you!</p><p>Re: That movie</p><p>Re: Your application</p><p>Re: Wicked screensaver</p><p>Thank you!</p><p>Your details</p><p></p><p>The body of the email message is either "See the attached file for details" or "Please see the attached file for details."</p><p></p><p>The email attachment is randomly selected from:</p><p>your_document.pif</p><p>document_all.pif</p><p>thank_you.pif</p><p>your_details.pif</p><p>details.pif</p><p>document_9446.pif</p><p>application.pif</p><p>wicked_scr.scr</p><p>movie0045.pif</p><p></p><p>Files with the following file extensions are searched for email addresses used to propagate the worm: </p><p>.dbx</p><p>.eml</p><p>.hlp</p><p>.htm</p><p>.html</p><p>.mht</p><p>.wab</p><p>.txt</p></blockquote><p></p>