
Freedesktop (W32/Win64.A), a mass-mailing worm

Discussion in 'Windows Desktop e Surface' started by Andr0m3da, 4 June 2002. (Replies: 3; Views: 1241)

  1. Andr0m3da

    Andr0m3da Power Member

    Today, the Oxygen3 24h-365d report deals with
    Freedesktop (W32/Win64.A), a mass-mailing worm designed to propagate
    rapidly, and a Trojan called Backdoor/CCInvader2.

    Freedesktop uses 'social engineering' techniques in the e-mail it uses to
    spread. In fact, it gets into systems in a file whose name is that of a fake
    Internet address "w w w.freedesktopthemes.com". Through this disguise, it
    tries to trick users into believing that they have received a web address
    from which they can download desktop themes. However, if the user runs the
    attached file, Freedesktop will send itself out to every entry it finds in
    the Windows and any mail program's address books. Moreover, the worm looks
    for the default mail server in order to connect to it directly and send
    itself massively.

    At regular intervals, Freedesktop attempts to connect to 19 URLs belonging
    to different communications companies in order to provoke a DoS (Denial of
    Service) attack on their servers. Furthermore, the worm creates a file
    called "status.ini" in the affected computer. In computers whose operating
    system is in English, Freedesktop also generates a file named "setup.exe" in
    the Windows startup directory. In this way, the worm ensures it is run on
    every system startup.

    Backdoor/CCInvader2 is a Trojan that modifies the Windows Registry and
    carries out a number of actions on the affected computer: it opens and
    closes the CD-ROM tray, manages files, controls the monitor, etc.
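
A mail-gateway style check for the disguise described in the report above, as an added example that is not part of the original post or of the Oxygen3 report: an attachment named like a web address whose ".com" ending is also a Windows executable extension. The sample messages are constructed, and the un-spaced filename `www.freedesktopthemes.com`, the addresses and the subject line are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Extensions Windows runs directly; ".com" doubles as a top-level domain.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
# Filename shaped like a host name: two or more dotted labels, then a TLD.
HOSTNAME_LIKE = re.compile(r"^([a-z0-9-]+\.){2,}[a-z]{2,}$", re.IGNORECASE)


def suspicious_attachments(msg):
    """Return (filename, reason) for attachments that would execute on open."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and inline content without a filename
        name = name.strip()
        dot = name.rfind(".")
        ext = name[dot:].lower() if dot != -1 else ""
        if ext not in EXECUTABLE_EXTS:
            continue
        # Ignore embedded spaces so "w w w.example.com" is matched as well.
        compact = re.sub(r"\s+", "", name)
        if ext == ".com" and HOSTNAME_LIKE.match(compact):
            findings.append((name, "executable named like a web address"))
        else:
            findings.append((name, "executable attachment"))
    return findings


def build_sample(filename, payload=b"constructed-placeholder-bytes"):
    """Constructed test message; sender, recipient and subject are made up."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Free desktop themes"
    msg.set_content("Have a look at this site.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for fn in ("www.freedesktopthemes.com", "themes.zip", "setup.exe"):
        print(fn, suspicious_attachments(build_sample(fn)))
```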
     
  2. badasilva

    badasilva Power Member

    netbus version 1.0 :P
     
  3. Andr0m3da

    Andr0m3da Power Member

    I hadn't even noticed that paragraph, the warning was really for the worm at the start. :P
     
  4. possessed

    possessed Full Throttle BOINC Roller

    wow, viruses to feed on the Itaniums or the future Hammers are already out there going strong
     
