hackfix-virusnews: W32.Frethem.K@mm
- From: "Mike" <mikebike@xxxxxxxxx>
- To: hackfix-virusnews@xxxxxxxxxxxxx
- Date: Tue, 16 Jul 2002 09:20:41 -0700
Virus name: W32.Frethem.K@mm
Threat level: Category 3
Common virus name; Win32 worm
Discovered: July 12
Date: 15 July 2002
Variants: a variant of W32.Frethem.B@mm
Reference urls:
Symantec;
http://securityresponse.symantec.com/avcenter/venc/data/w32.frethem
.k@xxxxxxx
Sophos;
http://www.sophos.com/virusinfo/analyses/w32frethemfam.html
Trend;
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WOR
M_FRETHEM.K
Information borrowed from; SYMANTEC SECURITY ALERT
Technical information:
W32.Frethem.K@mm sends itself to email addresses
it finds in the Microsoft Windows Address Book, as
well as any email addresses found in files ending
with the following extensions:
..dbx, .wab, .mbx, .eml, and .mdb
The email includes the following:
Subject: Re: Your password!
Attachments: Decrypt-password.exe and Password.txt
Message:
ATTENTION!
You can access very important information by this
password
DO NOT SAVE password to disk use your mind
now press cancel
After sleeping for several hours, the worm also copies
itself to
C:\Windows\All Users\Start Menu\Programs\Startup\Setup.exe
so it is executed each time Windows is started.
~~~~
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
See my Anti-Virus pages ~ http://virusinfo.hackfix.org
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
~*~*~*~*~
To unsubscribe from our list send an email
to hackfix-virusnews-request@xxxxxxxxxxxxx?Subject=unsubscribe.
For a complete list of email commands for our list send
an email to ecartis@xxxxxxxxxxxxx with a subject line of
"info hackfix-virusnews" without the quotes.
~*~*~*~*~
Other related posts:
- » hackfix-virusnews: W32.Frethem.K@mm
