
[IP] Virus Warning re:insulin-pumpers-digest V5 #166

Apparently another virus is hitting this list...here's some info copied from 
McAfee's website:

W32/email @ redacted Help Center

>DESCRIPTION - What virus is this?
W32/email @ redacted is a Medium Risk mass-mailing worm that drops a remote 
access Trojan. The virus arrives via email in Microsoft Outlook and attempts 
to send itself by replying to unread email messages. The email may contain the 
text "Take a look to the attachment" in the message body and will contain an 
attachment that is 13,312 bytes in length and uses one of the following names:

Card.pif
news_doc.scr
Me_nude.AVI.pif

>PAYLOAD - What can this virus do?
If the attachment is opened, the worm displays a message box entitled, 
"Install error" which reads, "File data corrupt: probably due to a bad data 
transmission or bad disk access." A copy is saved into the WINDOWS directory 
as INETD.EXE and an entry is entered into the WIN.INI file to run INETD.EXE at 
startup. KERN32.EXE (a backdoor Trojan), and HKSDLL.DLL (a valid keylogger 
DLL) are written to the WINDOWS SYSTEM directory, and a registry entry is 
created to load the Trojan upon system startup.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32.exe

Once running, the Trojan attempts to mail the victim's IP Address to the 
author. Once this information is obtained, the author can connect to the 
infected system via the Internet and steal personal information such as 
usernames, and passwords. In addition, the Trojan also contains a keylogger 
program which is capable of capturing other vital information such as credit 
card and bank account numbers and passwords.
Linda V.

for HELP or to subscribe/unsubscribe, contact: HELP@insulin-pumpers.org
send a DONATION http://www.Insulin-Pumpers.org/donate.shtml
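
Added example, not part of the original message or of the quoted advisory: a Python sketch that checks data collected from a PC (WIN.INI text, RunOnce values, file listings, attachment metadata) against the indicators named in the advisory above. The function names, the sample WIN.INI content and the assumption that the startup entry uses the standard run=/load= keys of the [windows] section are illustrative assumptions.

```python
import ntpath

# Indicators as listed in the advisory text above.
ATTACHMENT_NAMES = {"card.pif", "news_doc.scr", "me_nude.avi.pif"}
ATTACHMENT_SIZE = 13312
DROPPED = {("windows", "inetd.exe"), ("system", "kern32.exe"), ("system", "hksdll.dll")}
RUNONCE_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
# Constructed sample of an affected WIN.INI (not taken from a real machine).
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\INETD.EXE
[Desktop]
Wallpaper=(None)
"""


def win_ini_hits(text):
    """Return [windows] startup lines in WIN.INI that launch INETD.EXE.
    Assumption: the entry uses the standard run= or load= keys."""
    hits, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            progs = [ntpath.basename(p).lower() for p in value.replace(",", " ").split()]
            if key.strip().lower() in ("run", "load") and "inetd.exe" in progs:
                hits.append(line)
    return hits


def runonce_hit(values):
    """values: {value name: data} as read from RUNONCE_KEY."""
    for name, data in values.items():
        if name.lower() == "kernel32" and ntpath.basename(data.strip('"')).lower() == "kern32.exe":
            return True
    return False


def dropped_hits(files):
    """files: (directory role, file name) pairs; role is 'windows' or 'system'."""
    return sorted((role, name.lower()) for role, name in files if (role, name.lower()) in DROPPED)


def attachment_hit(name, size):
    """Return (name matches advisory, size matches advisory) for one attachment."""
    return name.lower() in ATTACHMENT_NAMES, size == ATTACHMENT_SIZE
```

A name match alone is enough to quarantine the attachment; the size match only adds confidence, since other files can also be 13,312 bytes long.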