SUBJECT: W32.Galil.C@mm

RISK FACTOR: 2

RISK FACTOR EXPLANATION: This worm can potentially cause a greater impact to personal computers/networks than to corporate networks.

IMPACT: Mass-mailer; sends itself to addresses found in Outlook address book and MSN messenger list. Gathers network and other sensitive information and sends it using its own SMTP engine. Disables mouse and keyboard.

SUMMARY: W32.Galil.C@mm is a mass mailing worm developed in Visual Basic (VB) and compressed using Ultimate Packer for eXecutables (UPX). This worm transmits itself to the email addresses found in files with .htm, .html, .eml, and .txt extensions, and the contacts in the Microsoft Outlook Address Book and MSN messenger contact list. Also, this worm attempts to distribute itself through the KaZaA file-sharing network.

PLATFORMS AFFECTED: Workstations, Personal Computers
Hardware:
Operating Systems: Windows NT, Windows 9x, Windows 2000, Windows Millennium Edition, Windows XP, Windows Server 2003
Applications:

BACKGROUND:
1. Disables the mouse and keyboard after the HKEY_CURRENT_USER registry key value reaches 30, when Explore.exe executes.
2. Searches for files with extensions .doc, .jpg, .mdb, .pps, .ram, .xls, or .zip, and then copies the worm to the kaZaA download folder.
3. Retrieves email addresses of current users.
4. Retrieves default SMTP server IP addresses.
5. Retrieves email addresses with file extensions .htm, .html, and .txt.
6. Retrieves email addresses from the Outlook address book and MSN instant messenger list.
7. Forwards the worm to the gathered email addresses using the SMTP.ocx.
8. Transmits network information and email addresses to predefined email address.

For additional information on the W32.Galil.C@mm worm, reference the http://securityresponse.symantec.com...alil.c@mm.html

RECOMMENDATIONS:
Administrators are advised to restrict peer-to-peer (P2P) services.
If kaZaa or other P2P services are necessary, consider http://www.kazaa.com/us/picks/bullguard_lite.htm, a P2P virus protection product for kaZaa Media Desktop.
Routinely check http://www.kazaa.com/us/help/known_virus.htm for the latest listing of known viruses and recommendations.
Routinely check the following Windows registry key settings for:
1. The value 'a' in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows registry key.
2. The value 'DeathTime' in the HKEY_CURRENT_USER registry key.

VENDOR-SUPPLIED INFORMATION: None

__________________
Best Regards
Robert

My Son had a toy steering wheel which he used to spin furiously, making loads of go-faster noises, leaning into all the tight corners, perhaps running the government feels a bit like that. You make all the noises, but when you stop you haven't really gone anywhere.
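
One way to run the two registry checks from the RECOMMENDATIONS across exported hives, added here as an example and not part of the original post or advisory. It parses `reg export` text; the sample data is constructed, and two things are assumptions: the HKLM key is read as HKEY_LOCAL_MACHINE\Software\Microsoft\Windows, and 'DeathTime' is matched anywhere under HKEY_CURRENT_USER because the advisory names no subkey.

```python
import re

# Value names come from the advisory's RECOMMENDATIONS. Assumptions: the HKLM key
# is read as below, and 'DeathTime' is matched anywhere under HKEY_CURRENT_USER
# because the advisory does not name a subkey.
HKLM_KEY = r"hkey_local_machine\software\microsoft\windows"
HKCU_ROOT = "hkey_current_user"
KEY_RE = re.compile(r"^\[([^-].*)\]$")          # skips [-KEY] deletion entries
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def decode(data):
    """Turn .reg data into an int (dword) or unquoted string; else leave raw."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1]
    return data

def scan_reg_export(text):
    """Return (key, value_name, data) for each advisory indicator in the text."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        # Registry key and value names are case-insensitive, so compare lowered.
        name, lkey = m.group(1).lower(), key.lower()
        in_hkcu = lkey == HKCU_ROOT or lkey.startswith(HKCU_ROOT + "\\")
        if (name == "a" and lkey == HKLM_KEY) or (name == "deathtime" and in_hkcu):
            hits.append((key, m.group(1), decode(m.group(2))))
    return hits

# Constructed sample in `reg export` text format (not taken from an infected host).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows]
"a"="constructed-data"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion]
"a"="different key, ignored"

[HKEY_CURRENT_USER\Software\ExampleVendor]
"DeathTime"=dword:0000001c
"""
```

Real `reg export` files are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `scan_reg_export`.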