Post by †Đeådwa†cђer† on Jan 19, 2004 19:56:51 GMT -5
New worm: W32.Beagle. Spreads via P2P networks and mail attachments! bbeagle.exe in System[32]; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Harm: sends e-mail, backdoor (port 6777). Deactivates itself on 28.01.2004. Remedy: www.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html
Post by Webagent007 on Jan 20, 2004 0:35:01 GMT -5
I had those emails at work yesterday, wondering why McAfee didn't get them lol.. thanks, now I know what it is. (Attachments ending in *.exe get removed anyway, but if people open it the mail sends itself to new people.)
Imports (import table; the function names sit ahead of the DLL they come from):
kernel32.dll: CloseHandle, CompareFileTime, CopyFileA, CreateFileA, CreateFileMappingA, CreateMutexA, CreateThread, ExitProcess, FindClose, FindFirstFileA, FindNextFileA, GetCommandLineA, GetDateFormatA, GetDriveTypeA, GetFileSize, GetLocalTime, GetLogicalDriveStringsA, GetModuleFileNameA, GetSystemDirectoryA, GetTickCount, GetTimeFormatA, GetTimeZoneInformation, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, LocalAlloc, LocalFree, MapViewOfFile, ReleaseMutex, Sleep, SystemTimeToFileTime, UnmapViewOfFile, WaitForSingleObject, WinExec, WriteFile, lstrcatA, lstrcmpiA, lstrcpyA, lstrlenA
user32.dll: wsprintfA
wsock32.dll: WSAStartup, accept, bind, closesocket, connect, gethostbyname, gethostname, inet_addr, listen, recv, select, send, socket
ole32.dll: CoInitialize, CreateStreamOnHGlobal
shlwapi.dll: StrDupA, StrRChrA, StrStrIA, StrTrimA
wininet.dll: InternetCloseHandle, InternetGetConnectedState, InternetOpenA, InternetOpenUrlA
advapi32.dll: RegCloseKey, RegCreateKeyA, RegQueryValueExA, RegSetValueExA
iphlpapi.dll: GetNetworkParams
SHELL32.dll: ShellExecuteA

Address harvesting (file extensions searched, domains skipped):
151.201.0.39
.wab .txt .htm .html .r1
@hotmail.com @msn.com @microsoft @avp.

Notification URLs (request pattern, then the hosts):
%s?p=%lu&id=%s
http://www.elrasshop.de/1.php
http://www.it-msc.de/1.php
http://www.getyourfree.net/1.php
http://www.dmdesign.de/1.php
http://64.176.228.13/1.php
http://www.leonzernitsky.com/1.php
http://216.98.136.248/1.php
http://216.98.134.247/1.php
http://www.cdromca.com/1.php
http://www.kunst-in-templin.de/1.php
http://vipweb.ru/1.php
http://antol-co.ru/1.php
http://www.bags-dostavka.mags.ru/1.php
http://www.5x12.ru/1.php
http://bose-audio.net/1.php
http://www.sttngdata.de/1.php
http://wh9.tu-dresden.de/1.php
http://www.micronuke.net/1.php
http://www.stadthagen.org/1.php
http://www.beasty-cars.de/1.php
http://www.polohexe.de/1.php
http://www.bino88.de/1.php
http://www.grefrathpaenz.de/1.php
http://www.bhamidy.de/1.php
http://www.mystic-vws.de/1.php
http://www.auto-hobby-essen.de/1.php
http://www.polozicke.de/1.php
http://www.twr-music.de/1.php
http://www.sc-erbendorf.de/1.php
http://www.montania.de/1.php
http://www.medi-martin.de/1.php
http://vvcgn.de/1.php
http://www.ballonfoto.com/1.php
http://www.marder-gmbh.de/1.php
http://www.dvd-filme.com/1.php
http://www.smeangol.com/1.php

Mail template:
Date: %s
To: %s
Subject: Hi
From: %s
Message-ID: <%s%s>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------%s"
----------%s
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
----------%s
Content-Type: application/x-msdownload; name="[%%RAND%%].exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="[%%RAND%%].exe"
----------%s--
.
Test =)
[%RAND%][%RAND%]
--
Test, yep.

Self-deleting batch file:
:l
del %1
if exist %1 goto l
del %0
a.bat

Remaining strings (decoy, registry, file names, SMTP commands):
open
calc.exe
open
SOFTWARE\Windows98
uid
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
d3dupdate.exe
\bbeagle.exe
frun
, ,
< >
CC:
BCC:
To:
HELO %s
RSET
MAIL FROM:<%s>
RCPT TO:<%s>
DATA
[%RAND%]
ddd',' dd MMM yyyy HH:mm:ss
%03i%02i
\
*.*
beagle_beagle
\bsupld
-upd
.exe
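A triage pass over a dump like the one above, covering the indicators in the first post (bbeagle.exe, the Run key, the mail engine) as well as this strings listing. This is an added example, not code from the original posts or from any AV vendor. It assumes the dump is one printable run per line, as `strings` prints it; SAMPLE_DUMP is a constructed, trimmed re-layout of the strings quoted above, and the capability names and rules are this example's own.

```python
"""Triage a `strings` dump of a suspected mass-mailer. Added example, not code
from the thread or any AV vendor. Assumes one printable run per line, as
`strings` prints it. SAMPLE_DUMP is a constructed, trimmed re-layout of the
Beagle.A strings quoted above; capability names and rules are this example's own."""
import json
import re
from typing import Dict, List, Set, Tuple

SAMPLE_DUMP = r"""
$
FindFirstFileA
FindNextFileA
GetLogicalDriveStringsA
kernel32.dll
WSAStartup
accept
bind
connect
listen
send
socket
wsock32.dll
InternetOpenA
InternetOpenUrlA
wininet.dll
RegCreateKeyA
RegSetValueExA
advapi32.dll
.wab
http://www.elrasshop.de/1.php
http://64.176.228.13/1.php
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
\bbeagle.exe
HELO %s
MAIL FROM:<%s>
DATA
"""

DLL_RE = re.compile(r"^[\w-]+\.dll$", re.IGNORECASE)
API_RE = re.compile(r"^[A-Za-z_]\w*$")
URL_RE = re.compile(r"^https?://", re.IGNORECASE)
REG_RE = re.compile(r"^(HKEY_[A-Z_]+\\)?SOFTWARE\\", re.IGNORECASE)
SMTP_RE = re.compile(r"^(HELO|EHLO|MAIL FROM|RCPT TO|DATA|RSET)\b")
HARVEST_EXT = {".wab", ".txt", ".htm", ".html"}

# Every API in a set must be imported for the capability to be reported (example's own rules).
CAPABILITIES: Dict[str, Set[str]] = {
    "tcp_listener": {"WSAStartup", "socket", "bind", "listen", "accept"},
    "outbound_tcp": {"socket", "connect", "send"},
    "http_client": {"InternetOpenA", "InternetOpenUrlA"},
    "registry_persist": {"RegCreateKeyA", "RegSetValueExA"},
    "file_enumeration": {"GetLogicalDriveStringsA", "FindFirstFileA", "FindNextFileA"},
}


def parse_dump(dump: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return ({dll: [imported names]}, [other strings]). In a PE import name
    table the function names precede their DLL's name, so identifier-like lines
    are buffered until a *.dll line closes the group."""
    imports: Dict[str, List[str]] = {}
    strings: List[str] = []
    pending: List[str] = []
    for raw in dump.splitlines():
        tok = raw.strip()
        if len(tok) < 2:  # import-hint bytes and other stray single characters
            continue
        if DLL_RE.match(tok):
            imports[tok.lower()] = pending
            pending = []
        elif API_RE.match(tok):
            pending.append(tok)
        else:
            strings.append(tok)
    strings.extend(pending)  # identifiers with no DLL after them are ordinary strings
    return imports, strings


def triage(dump: str) -> dict:
    imports, strings = parse_dump(dump)
    all_apis: Set[str] = set().union(*imports.values())
    caps = sorted(n for n, need in CAPABILITIES.items() if need <= all_apis)
    urls = [s for s in strings if URL_RE.match(s)]
    reg_keys = [s for s in strings if REG_RE.match(s)]
    smtp = [s for s in strings if SMTP_RE.match(s)]
    harvest = [s for s in strings if s.lower() in HARVEST_EXT]
    verdict: List[str] = []
    if smtp and "outbound_tcp" in caps:
        verdict.append("smtp engine")
    if harvest and "file_enumeration" in caps:
        verdict.append("address harvesting from local files")
    if "tcp_listener" in caps:  # the port is an immediate in code, never a string
        verdict.append("inbound listener (port not recoverable from strings)")
    if "registry_persist" in caps and any(k.lower().endswith("\\currentversion\\run") for k in reg_keys):
        verdict.append("Run-key persistence")
    if "http_client" in caps and urls:
        verdict.append("http beacon to %d URL(s)" % len(urls))
    return {"imports": imports, "capabilities": caps, "urls": urls,
            "registry_keys": reg_keys, "smtp_strings": smtp, "verdict": verdict}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_DUMP), indent=2))
```

Run it as a script and it prints the grouped imports, the extracted URLs and registry key, and a verdict list. Note what strings cannot tell you: the backdoor port (6777 in the first post) is a numeric constant in the code and never appears in the dump, and the lone "$"-style lines are import-hint bytes, which is why single characters are dropped before grouping. Confirming the port needs a disassembler or a sandboxed run with a network listener check.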
Post by †Đeådwa†cђer† on Jan 20, 2004 17:17:42 GMT -5
Hi there *grin* Um... McAfee doesn't get worms and Trojans. The best virus, Trojan horse and worm scanner and blocker is BitDefender.
Ty
Post by Webagent007 on Jan 21, 2004 1:12:54 GMT -5
Nah, McAfee didn't get it because it was only discovered on the 18th. I don't know what version of McAfee doesn't pick up worms/trojans, but the one we use normally does lol.
Post by Yahoo on Jan 21, 2004 4:12:27 GMT -5
cillin gave me the update pattern 3 hours after it was discovered, pretty good I thought!
Post by †Đeådwa†cђer† on Feb 2, 2004 19:57:05 GMT -5
W32/Mydoom (Novarg)
Aliases: W32.Novarg.A@mm, Win32/Shimg, W32/MyDoom-A, Worm.SCO.a, I-Worm.Novarg, I-Worm.Mydoom, Worm/MyDoom.A2, WORM_MIMAIL.R
Free removal tool: de.bitdefender.com/html/free_tools.php
Ty
Post by †Đeådwa†cђer† on Jul 12, 2004 12:31:23 GMT -5