OpenBCM V1.13 (Linux)

Packet Radio Mailbox

DB0FHN

[JN59NK Nuernberg]

 Login: GUEST





  
M1CUK  > INFO     03.08.02 12:06l 63 Lines 1991 Bytes #999 (0) @ WW
BID : 6425-GB7FCR
Read: DB0FHN GUEST
Subj: Virus / Worm Update..
Path: DB0FHN<DB0ZWI<DB0HOT<OK0PBX<OK0PAD<OK0PPL<RZ6HXA<SP7MGD<GB7YKS<GB7ESX<
      GB7FCR
Sent: 020803/0942Z @:GB7FCR.#16.GBR.EU #:6425 [Blackpool] FBB-7.03a $:6425-GB7F
From: M1CUK@GB7FCR.#16.GBR.EU
To  : INFO@WW

New Mass Mailer - PE_CHIR.B (Low Risk)
--------------------------------------
This mass-mailing worm propagates by sending copies of itself
to all addresses listed in the target user's Windows Address Book
(WAB). It sends an email with the following details:

From: imissyou@btmail.net.cn
Subject: <username> is comming!
Message:
Attachment: PP.EXE

It also infects all files with the following extensions:
EXE
SCR
HTM
HTML

On the first day of every month, it overwrites the first
1,234 Bytes of all files with the following extensions:

ADC
RDB
DOC
XLS

This worm exploits a known vulnerability affecting systems running
Microsoft Internet Explorer 5.01 and 5.5. This exploit allows the
automatic execution of email attachments without the user opening
them. The infected email attachment is tagged as audio/x-wav
content-type by this worm. Therefore, the default audio-file
player of the system that this email arrives in, attempts to
open the attachment.

Upon execution, this worm executes itself as another process.
Since the creation of another process consumes additional memory
resources, this behavior may cause the infected system to hang.
This worm drops several copies of the file README.EML on all
directories and subdirectories. This file is a Uuencoded version
of the worm. Uuencode is a universal protocol for sending files
between different platforms, and is typically utilized for
sending email attachments.

On infected systems running Windows NT 4.0, Windows 2000, and
Windows XP, this malware runs the Net Send command to send the
following text message to all computers belonging to the same
workgroup:

My god! Some one killed ChineseHacker-2 Monitor

If you would like to scan your computer for PE_CHIR.B or
thousands of other worms, viruses, Trojans and malicious code,
visit HouseCall, Trend Micro's free online virus scanner at:
http://housecall.antivirus.com/

-------------------------------

Regards
	Trev.
	m1cuk


Read previous mail | Read next mail


 15.07.2026 06:18:15lGo back Go up