Heads up!!! Fake MS security update!!!

  1. #1
    Registered User jay015
    Join Date
    Nov 2000
    Location
    Montreal
    Posts
    534

    Heads up!!! Fake MS security update!!!

    Here's another one to look out for!!!

    http://www.internetnews.com/dev-news/article/0,,10_986251,00.html

  2. #2
    Registered User
    Join Date
    Jan 2001
    Location
    Ontario
    Posts
    73

    Latest virus warning from our network supervisor:
    The latest virus claims to be the security patches for Outlook and IE.
    Only download security patches directly from Microsoft, never use the
    files that arrive in an E-mail!!!

    Win32.Gibe trojan, worm

    Win32/Gibe is a buggy mass-mailing worm that
    utilizes Microsoft Outlook and the SMTP to propagate. The email
    pretends to be an official message from Microsoft Corp. carrying the
    latest version of a security update for Internet Explorer and MS
    Outlook/Express. The attachment name is: q216309.exe

    If the attachment is executed, the worm will drop 4 files into the
    Windows directory and execute them:

      WinNetW.exe, BcTool.exe - mass-mailing components
      GfxAcc.exe - Backdoor Trojan listening on port 12378
      q216309.exe - copy of itself

    A DLL is also dropped into the System Directory:

      vtnmsccd.dll - copy of itself

    The worm creates the file 02_N803.dat in the Windows directory to
    store any email addresses collected from the local system.

    The following registry modifications are also made:

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run \LoadDBackUp =
      "C:\WINDOWS\BcTool.exe"
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run \3Dfx Acc =
      "C:\WINDOWS\GFXAcc.exe"

    This will cause the backdoor trojan and the mass-mailing component
    to execute upon Windows startup.

    The worm creates and uses the following key to store some SMTP and
    other information:

      HKLM\Software\AVTech\Settings

    And leaves an ID:

      HKLM\Software\AVTech\Settings\Installed = "... by Begbie"
    SusieQ
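
Added example, not part of the thread or of the advisory quoted in it: a small Python check that matches a host inventory against the file, registry and port indicators listed in the post above. The function name, the inventory shape and the alternative directory names (WINNT, SYSTEM32) are assumptions made for illustration, and the sample inventory is constructed.

```python
import ntpath

# Indicators taken from the post, lower-cased (Windows names are case-insensitive;
# the post itself spells GfxAcc.exe two ways).
DROPPED = {
    "windows": {"winnetw.exe", "bctool.exe", "gfxacc.exe", "q216309.exe", "02_n803.dat"},
    "system": {"vtnmsccd.dll"},
}
# Assumption: usual directory names for the "Windows" and "System" directories.
DIR_ROLE = {"windows": "windows", "winnt": "windows", "system": "system", "system32": "system"}
RUN_VALUES = {"loaddbackup": "bctool.exe", "3dfx acc": "gfxacc.exe"}
MARKER_KEY = r"hklm\software\avtech\settings"
BACKDOOR_PORT = 12378


def gibe_findings(files, run_values, registry_keys, listening_ports):
    """Return indicator hits for one host inventory (all arguments are plain data)."""
    hits = []
    for path in files:
        parent, name = ntpath.split(path.lower())
        role = DIR_ROLE.get(ntpath.basename(parent))
        if role and name in DROPPED[role]:
            hits.append(("file", path))
    for value_name, data in run_values.items():
        expected = RUN_VALUES.get(value_name.lower())
        if expected and ntpath.basename(data.strip('"').lower()) == expected:
            hits.append(("run-value", value_name))
    for key in registry_keys:
        if key.lower().rstrip("\\") == MARKER_KEY:
            hits.append(("registry-key", key))
    if BACKDOOR_PORT in listening_ports:
        hits.append(("listening-port", str(BACKDOOR_PORT)))
    return hits


# Constructed inventory for illustration, not data from a real host.
SAMPLE = dict(
    files=[r"C:\WINDOWS\bctool.exe", r"C:\WINDOWS\GFXACC.EXE",
           r"C:\WINDOWS\SYSTEM\vtnmsccd.dll", r"C:\WINDOWS\notepad.exe"],
    run_values={"3Dfx Acc": r'"C:\WINDOWS\GFXAcc.exe"', "ScanRegistry": r"C:\WINDOWS\scanregw.exe"},
    registry_keys=[r"HKLM\Software\AVTech\Settings"],
    listening_ports={135, 139, 12378},
)

if __name__ == "__main__":
    for kind, value in gibe_findings(**SAMPLE):
        print(f"{kind}: {value}")
```

Any single hit is only a lead; a Run value pointing at a matching file in the Windows directory together with the AVTech key is the combination the post describes.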
