| |
M1CUK > INFO 25.11.02 07:51l 63 Lines 2233 Bytes #999 (0) @ WW
BID : 4C2681M1CUK
Read: DB0FHN GUEST
Subj: virus info
Path: DB0FHN<DB0ZWI<DB0HDF<DB0ERF<DB0MRW<OK0PPL<RZ6HXA<SP7MGD<ON0BEL<GB7FCR
Sent: 021123/0023Z @:GB7FCR.#16.GBR.EU #:29884 [Blackpool] FBB-7.03a $:4C2681M1
From: M1CUK@GB7FCR.#16.GBR.EU
To : INFO@WW
Your Free Gift - WORM_FREGIT
WORM_FREGIT.A and its variants, WORM_FREGIT.B and WORM_FREGIT.C,
are non-destructive, memory-resident, non-encrypted worms that use
Microsoft Outlook to send themselves as attachments to an email message
sent to all addresses listed in the infected user's Microsoft Outlook
address book.
These worms arrive in an email as an attachment named FreeGift.scr. Upon
execution, the worm copies itself to a FreeGift.scr file in the Windows
System directory and creates a registry entry so that its dropped copy,
FreeGift.scr, automatically executes at every Windows startup.
The email subject line of the message it sends, is chosen from a fixed
list of possibilities, and the message body contains the following (the
message starts and ends with any of the following):
Message Body:
>>>>>>><<<<<<<>>>>>>><<<<<<<>>>>>>><<<<
--------------------------------------------------------------
========================================
*************************************************************
###########################################
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Free Gift" Requested For: <Recipient>
This email was originally requested by this very kind person to send you a
free gift! Your free gift (in the atachments) is an installation package
that will download your free software (along with a setup file) from our
home page (http://www.freegift.<ext> /)
If you have any setup difficulties or troubleshooting on how to use the
setup, contact and you will be emailed back shortly.
Have fun with your free gift!
Attachment: Free_Gift.scr
The extension of the URL provided in the email message may be .net, .com,
or .co.uk. The worm randomly selects the creator's address from three
fixed lists of possibilities.
-------------------------------------------------------------------------
73's
Trev,
SysOp GB7FCR
E-Mail trev@gb7fcr.co.uk
Web Site http://www.gb7fcr.co.uk
AX25 - tcp/ip - Telnet - axip - RF & Internet Linked System's
Message timed: 23:24 on 22 Nov 02
Message sent using WinPack-Telnet V6.80
GB7FCR A KB2VXA FREE ZONE.
Read previous mail | Read next mail
| |