JACKS-L Archives

Archiver > JACKS > 2001-12 > 1009148168


From: "Jenny Kernan-Cienfuegos" <>
Subject: [JACKS] Fw: Oxygen3 24h-365d [Weekly Virus Report - 12/23/01]
Date: Sun, 23 Dec 2001 15:56:08 -0700


New Virus out. For Your Information only.

JennyC
----- Original Message -----
From: "Oxygen3 24h-365d" <>
To: <>
Sent: Friday, December 21, 2001 3:47 AM
Subject: Oxygen3 24h-365d [Weekly Virus Report - 12/23/01]


> "A man's character is his fate".
> Heraclitus(540 BC - 480 BC); Greek philosopher.
>
> - Weekly Virus Report -
> Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
>
> Madrid, 23 December, 2001 - Today, the Oxygen3 24h-365d report deals with
> two mass-mailing worms: JS/Coolsites.A@mm and W32/Reeezak.A@mm.
>
> JS/Coolsites.A@mm is a worm written in Java Script, that exploits a
security
> hole found in Microsoft VM affecting several versions of MS Internet
> Explorer (4.x and 5.x SP1). The worm, which uses e-mail to propagate, is
not
> included in any attachments, but tricks the user into visiting a
> pornographic website, which will trigger the viral code. Next, the
> malicious message is sent out to every recipient found in MS Outlook's
'Sent
> Items' tray. Once this is complete, the worm deletes all the messages in
> that tray in order to conceal its actions.
>
> W32/Reeezak.A@mm is a worm written in Visual Basic and designed to spread
> via e-mail in a file called CHRISTMAS.EXE. This file has the typical
> Macromedia Flash icon, which may fool people into running it.
>
> Once it is run, the worm displays a Christmas greeting with the text "From
> the heart. Happy New Year" and copies itself to the Windows directory
under
> the name CHRISTMAS.EXE. Next, a process called sm56hlpr is created, which
> locks the user's keyboard. W32/Reeezak.A@mm also makes three entries in
the
> Windows Registry with various aims: to run on each system startup, to
change
> the Internet Explorer home page and to change the computer name to
"ZaCker".
> Finally, in computers running under Windows NT, the worm creates a series
of
> processes and title bars with the name 'Christmas', until all system
memory
> is used up.
>
> For further information about these and other viruses, visit Panda
> Software's Virus Encyclopedia at the following address:
> http://www.pandasoftware.com/library/
>
> ------------------------------------------------------------
> To unsubscribe from Oxygen3 24h-365d:
>
> Send a message to the following address:
.
>
> Or click on: mailto:
and send the message.
>
> To contact with Panda Software, please visit:
> http://www.pandasoftware.com/com/pandacorp/pandaworldwide.asp
> ------------------------------------------------------------


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

This thread: