Nov virus Maldal-l

Živjo.

Ta novi virus z imenom Maldal-l se pošilja po e-pošti, podobno kot
zadnji znani virusi iz družine Win32 worm (npr. Badtrans, Magistr A/B), itd..

V e-pošti je običajno priponka tipa EXE. Priponka ima običajno ime:
PROGRAM.EXE
Če dobite tako sporočilo enostavno pobrišite e-pošto s priponko vred.
AV programi so že osveženi z zaščito proti temu virusu, vendar šele od danes:
22.2.2002

Subject vrstica vsebuje eno od spodaj naštetih:

“Fwd: WoOoOoOow”
“Fwd:Wow , We are the same !”
“Fwd: [Muzicana-Group] Download what you want”
“Zakia Zakaria & Najati :P”
“Fwd:The demand of sex … where does it lead us to ?”
“Take a picture for your self (Don’t be mad its only a joke)”
“Fwd:Is there any true love ?”
“Fwd:Have u ever seen your face?! (Funny)”
“Fwd:Against the power of women”
“Fwd:Fwd:If you care about your wife”
“Fwd:Say ‘I Love You’ in 300 languages”
“Fwd:Send it to every body you love ;)”
“Re:Fwd:Romantic Day”
“Fwd: Let’s Dance & forget pains”
“Fwd:Loneliness …”
“Fwd: [sex-is] HoT MoVies”
“Fwd: [SpanishGirlsGroup] Hola …”
“Fwd: [LsbianLovers-group] Lick my @!#$”
“Fwd:[Anal-sex-team] OOOH Faster”
“Fwd: [PussyLand-egroup] How sweet…”
“Fwd: [DrFun-egroup] Let’s Laugh”
“Fwd: [FuNnY-egroup]Hehehehehe damn”
“Fwd: [SexyGurls-egroup] Raping a little girl”
“Fwd: [Scr-News-egroup] Have u ever seen BLOOD”
“Fwd: [Yabdoo-egroup]For HaCkers Lovers”
“Fwd: [Jews-egroup] Sharoon Owns The World”
“Fwd: [FunMaiL-group]Bush under bin laden’s cock !!!”
“Fwd: [Teen-egroup] Three Ways For Love”
“Fwd: [RomanticLife-group] Learn How To Love …”
“Fwd: [Gays-egroup]Oh Shittttt”
“Fwd:Remember our survivors”
“Fwd: [JewsFood-egroup] Dogs Meat !!!”
“Fwd: [PianoMoZart-egroup] Wow Romantic”
“Fwd:Tonight is… The Night Of Sex”
“Fwd: Are you looking for FUN !!!?”
“Fwd: [PussyPiss-egroup] Piss On my face :O”
“Fwd: [Finance-group] Do you wanna be a rich man?”
“Fwd:”
“Fwd: [lovedreams-egroup] love speaks from the heart …”
“Fwd:Change your life with Dr.Jobreee”
“Fwd: [TeroNews-Group] Too Late … Bin Laden has been killed”
“Fwd: [Pc.CLup-Group] Learn how to deal with DOS”
“Fwd:[RapingTeen-eGroup] Oh My God !!!”
“Fwd: The rights of women !!! “

The body text of the email is likely to be blank and the filename of the attachment is most likely to be PROGRAM.EXE.

The worm can extract email addresses from web pages on the hard drive as well as from the Microsoft Outlook address book.

When first run W32/Maldal-I will set the registry key HKLM\Shadup.

When next run it will display a box with a black background and red text stating:

“Sorry you have not registered
Please contact us”

along with some phone numbers, email addresses and instructions on how to subscribe. It will then set the registry key HKLM\e5zemha.

The worm will create several entries in the registry Run key all pointing to copies of itself scattered over the harddisk, although it may not actually create the associated files.

Five minutes after being run, the worm may display a black background with the following text in red letters:

ZaCker Is N YoUr MaChiNe

POZDRAV! PROGRAM.EXE.??? kot vsazga sem tud tega že okusil 😉 samo z razliko da je moj norton 2002 takoj prepoznal…. pa ga če nisem prej upgreatal pa tudi to …nisem ga prejel po mailu ampak med tem ko sem odpiral neko internetno stran tako da zgleda, da se ne prenaša samo po emailu…
Klemen povej če je to možno?

Zadnje čase je vse možno. Želodec se mi obrača na domačih tujih irc serverjih, kjer kar mrgoli virusov in linkov na strani z njimi.
Poleg tega prihajajo tudi na ICQ, Odigo in MSN Messenger.

Skratka, previdnost ni odveč. Tega bo vse več. Uporabniki so že malce bolj osveščeni, ampak verjetno je glavna ovira bliskovito širjenje v omrežjih. Tega ne more nihče ustaviti. V vsaki firmi se najde kdo, ki aktivira virus. Nadaljevanje pa poznamo.