RE: new virus - I-Worm/Naith (alias Win32/Lirva, W32/Naith, W32/Avril)

From: Galda Jan (Jan.Galda@roz.br.ds.mfcr.cz)
Date: 10. 01. 2003, 14:36 CET


Yep, yep, it's already pouring in on us...
Good thing we have NAV! :-)
Valasska kralovska...
-----
I-Worm/Naith (alias Win32/Lirva, W32/Naith, W32/Avril)
This is a worm that spreads via shared drives, IRC and ICQ. When run, it
creates copies of itself under random names in the directories WINDOWS\TEMP
(with the extension .TFT there), WINDOWS\SYSTEM and C:\. In the WINDOWS\TEMP
directory it also creates the file AVRIL-II.INF, containing a kind of
self-presentation:

2002 (c) Otto von Gutenberg
Made in .::]|KaZAkHstaN|[::.
As stated before, purpose is only educational, however...

I'm back to the scene with one more gift |Avril-II| (remember 'A' version of
Avril-II)
HINT:NB: NEVER ACCEPT GIFTS FROM THE STRANGER
Avril-II is commonly dangerous because of its over-trojaned issues
Greetz to Brigada Ocho (http://vx.netlux.org/~b8), Darkside Project
(http://darkside.dtn.ru)
and Weisses Fleisch Project (http://wf.h1.ru)
Many thankx to my muse Avril Lavigne whose beauty causes work to flow
rapidly
New features included: ICQ/IrC/ShaReD (urgently persuade to check it
instantly)
BackOrifice-server dropper will be included next time

Cheerz, Otto (www.otto-koden.h1.ru)

Finally, the virus registers itself in the key
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Avril Lavigne - Muse,
whose data is the path to the copy of the worm in the SYSTEM directory. For
its own purposes it also creates the key HKLM\Software\OvG\Avril Lavigne.

Spreading:
Via shared drives:
The virus walks through all accessible network drives and in the root of each
creates a copy of itself under a random name, together with an autoexec.bat
file containing a single command that launches the worm. E.g.:
@win HD11cD16.exe

By e-mail:
The virus arrives as an attachment to a message with one of these subjects:

Fw: Prohibited customers...
Re: Brigade Ocho Free membership
Re: According to Daos Summit
Fw: Avril Lavigne - the best
Re: Reply on account for IIS-Security
Re: ACTR/ACCELS Transcriptions
Re: The real estate plunger
Fwd: Re: Admission procedure
Re: Reply on account for IFRAME-Security breach
Fwd: Re: Reply on account for Incorrect MIME-header

The attachment name can be one of:

Resume.exe
Download.exe
MSO-Patch-0071.exe
MSO-Patch-0035.exe
Two-Up-Secretly.exe
Transcripts.exe
Readme.exe
AvrilSmiles.exe
AvrilLavigne.exe
Complicated.exe
Singles.exe
Sophos.exe
Cogito_Ergo_Sum.exe
CERT-Vuln-Info.exe
Sk8erBoi.exe
IAmWiThYoU.exe

The worm uses the IFRAME exploit, thanks to which older, unpatched versions
of Outlook run the attachment without asking.
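As an added example (not part of the message above and not any vendor's signature), here is a Python check for the host and share artifacts the description lists: the Run value, the OvG key, the .TFT/AVRIL-II.INF files in WINDOWS\TEMP and the one-line autoexec.bat launcher. The snapshot format and every sample value are constructed assumptions.

```python
import re

# Artifacts taken from the description above. Registry paths and value names
# are compared case-insensitively, as Windows does.
RUN_VALUE = "avril lavigne - muse"
OVG_KEY = r"hklm\software\ovg\avril lavigne"
INF_NAME = "avril-ii.inf"
# One-line launcher dropped as autoexec.bat in the root of each share,
# e.g. "@win HD11cD16.exe" in the message; the exe name is random.
LAUNCHER_RE = re.compile(r"^\s*@win\s+([a-z0-9_]+\.exe)\s*$", re.IGNORECASE)


def launcher_target(autoexec_text):
    """Return the .exe launched if autoexec.bat is the worm's single-command
    launcher, else None. A normal multi-command autoexec.bat does not match."""
    lines = [ln for ln in autoexec_text.splitlines() if ln.strip()]
    if len(lines) != 1:
        return None
    m = LAUNCHER_RE.match(lines[0])
    return m.group(1) if m else None


def scan(snapshot):
    """snapshot is a hypothetical host inventory built by the caller:
    run_values: {value name: data} under the CurrentVersion Run key
    keys: set of registry key paths present
    temp_files: list of file names in WINDOWS\\TEMP
    share_autoexec: {share root: content of its autoexec.bat, if any}
    Returns a list of (indicator, detail) findings."""
    findings = []
    for name, data in snapshot.get("run_values", {}).items():
        if name.lower() == RUN_VALUE:
            findings.append(("run_key", data))
    if any(k.lower() == OVG_KEY for k in snapshot.get("keys", ())):
        findings.append(("ovg_key", OVG_KEY))
    for fn in snapshot.get("temp_files", ()):
        if fn.lower() == INF_NAME or fn.lower().endswith(".tft"):
            findings.append(("temp_file", fn))
    for share, text in snapshot.get("share_autoexec", {}).items():
        exe = launcher_target(text)
        if exe:
            findings.append(("share_launcher", f"{share} -> {exe}"))
    return findings


# Constructed sample: an infected host, one infected share and one clean share.
SAMPLE = {
    "run_values": {"SystemTray": "SysTray.Exe",
                   "Avril Lavigne - Muse": r"C:\WINDOWS\SYSTEM\HD11cD16.exe"},
    "keys": {r"HKLM\Software\OvG\Avril Lavigne"},
    "temp_files": ["~DF3A1B.TMP", "AVRIL-II.INF", "rk20XzQ1.TFT"],
    "share_autoexec": {r"\\fileserver\public": "@win HD11cD16.exe\n",
                       r"\\fileserver\dos": "@ECHO OFF\nSET PATH=C:\\DOS\n"},
}
```

Running `scan(SAMPLE)` reports the Run value, the OvG key, both dropped TEMP files and the launcher on \\fileserver\public, while the ordinary autoexec.bat on the second share is ignored.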

This archive was generated by hypermail 2.1.2 : 10. 01. 2003, 14:33 CET