Trend Micro: New worm with high damage potential: "WORM_SOBIG.F"

High damage and distribution potential

(21.08.03) - Trend Micro's TrendLabs are again warning of a worm that has so far spread only slightly in Europe but has a high damage and distribution potential. The affected systems are Windows 95, 98, ME, NT, 2000, and XP. Trend Micro detects the computer worm as of pattern file 617.

"WORM_SOBIG.F" spreads as an attachment to mass e-mails via its own SMTP engine. It extracts the recipient addresses for its mass mailing from files with the extensions *.DBX, *.HLP, *.MHT, *.WAB and *.HTML. The subject line is one of the following:

Re: Thank you!
Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

The message body contains one of the following texts:

See the attached file for details.
Please see the attached file for details.

The attachment has one of the following names:

your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

For further information on the virus, please read the original English press release from Trend Micro:

Trend Micro Warns Computer Users of WORM_SOBIG.F, a New Variant of the Mass Mailing Worm SOBIG

Malware Name: WORM_SOBIG.F
Aliases: Win32.HLLM.Reteras
Overall Risk Rating: Medium
Damage Potential: High
Distribution Potential: High

Trend Micro customers should download pattern file #618 at www.trendmicro.com/download/pattern.asp

Trend Micro Control Manager Outbreak Prevention Policy #48, and Trend Micro System Cleaner # 162 ver 03 will be available shortly. Non Trend Micro customers should scan their IT systems with Trend Micro's free online scanner, Housecall, which can be found at http://housecall.trendmicro.com/.

This worm propagates by mass-mailing copies of itself using its own Simple Mail Transfer Protocol (SMTP) engine. It collects email addresses from files with the following extensions:

DBX
HLP
MHT
WAB
HTML

The email message it sends out contains the following details:

Subject: <any of the following:>

Re: Thank you!
Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

Message body: <any of the following:>

See the attached file for details.
Please see the attached file for details.

Attachment: <any of the following:>

your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

It runs on Windows 95, 98, ME, NT, 2000, and XP systems.

Upon execution, this worm drops a copy of itself in the Windows folder as winppr32.exe:

%Windows%/winppr32.exe

(Note: %Windows% is your Windows folder which by default is C:/Windows for Windows 9x, ME, and XP or C:/Winnt for Windows NT, and 2000 systems)

It also drops a non-malicious text file, winstt32.dat, in the Windows folder:

%Windows%/winstt32.dat

To ensure that it is automatically executed at every Windows startup, it adds the following registry entries:

HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run
TrayX = "%Windows%/winppr32.exe /sinc"

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run
TrayX = "%Windows%/winppr32.exe /sinc"

For more information, please visit: http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756&VName=WORM_SOBIG.F.

(ma)

Trend Micro
Tel. (089) 37479-700, Fax (089) 37479-799
E-Mail: sales@trendmicro.de
Web: www.trendmicro.de