A Division of the Tidal Communications.



Kittiwake Economic Development Corporation

The eKubator Project


W32.Klez.H@mm
POSTED: APR 22, 2002
VIRUS TYPE: email worm
OS AFFECTED: ALL
ALIASES: W32/Klez.G@mm (Norman), W32/Klez.gen@MM, W32/Klez.I (Panda), W32/Klez.K-mm, WORM_KLEZ.G (Trend)
AUTHOR: Unknown
FIX: Symantec's Removal Tool

Most commonly identified by any of the following subject lines:

    Subject: A very funny website
or Subject: 1996 Microsoft Corporation
or Subject: Hello,yourname,honey
or Subject: Initing esdi
or Subject: Editor of PC Magazine.
or Subject: Some questions
or Subject: Telephone number

Sends an email with attachments of type .bat, .exe, .pif or .scr. Sends information to specific email addresses. Also uses your address book to pass along the virus to others.

The worm may send a clean document in addition to an infected file. A document found on the hard disk that has one of the following extensions is sent:

.txt
.htm
.html
.wab
.asp
.doc
.rtf
.xls
.jpg
.cpp
.c
.pas
.mpg
.mpeg
.bak
.mp3
.pdf

This payload can result in confidential information being sent to others.

PAYLOAD:
- Attempts to disable anti virus programs that are running
- Overwrites files with zeros on the 6th of every odd numbered month (January, March, May, July, September, November)
- information such as passwords may be logged and emailed to predefined addresses
- will propagate by sending itself to addresses in your ICQ and address book (uses your current SMTP engine [ie: Outlook])
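
A mail-gateway triage check built from the Klez indicators listed above (subject lines and attachment types), as an added example that is not part of the original advisory. The `triage` function, the verdict names and the sample message are constructed for illustration, and treating "yourname" as a variable recipient name is an assumption.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Indicators taken from the W32.Klez.H@mm entry above. "yourname" is assumed
# to stand for a variable recipient name, so it is matched with a wildcard.
SUBJECTS = [r"A very funny website", r"1996 Microsoft Corporation",
            r"Hello,.+,honey", r"Initing esdi", r"Editor of PC Magazine\.?",
            r"Some questions", r"Telephone number"]
SUBJECT_RE = re.compile(r"^\s*(?:%s)\s*$" % "|".join(SUBJECTS), re.I)
RISKY_EXT = (".bat", ".exe", ".pif", ".scr")

def triage(raw):
    """Return (verdict, reasons) for one raw RFC 822 message (policy is illustrative)."""
    msg = message_from_string(raw)
    reasons = []
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    if SUBJECT_RE.match(subject):
        reasons.append("subject:" + subject.strip())
    for part in msg.walk():
        name = part.get_filename()
        # Strip trailing dots/spaces, which Windows ignores ("a.exe." runs as a.exe);
        # checking only the final extension also catches names like "report.doc.scr".
        if name and name.lower().rstrip(". ").endswith(RISKY_EXT):
            reasons.append("attachment:" + name)
    if any(r.startswith("attachment:") for r in reasons):
        return "quarantine", reasons      # executable attachment: never deliver
    return ("flag" if reasons else "deliver"), reasons

# Constructed sample message (not a captured one).
SAMPLE = """\
From: a@example.test
To: b@example.test
Subject: Some questions
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

hello
--XX
Content-Type: application/octet-stream; name="report.doc.scr"
Content-Disposition: attachment; filename="report.doc.scr"
Content-Transfer-Encoding: base64

AAAA
--XX--
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The subject list alone is a weak signal because the worm varies it; the attachment-type check is what drives the quarantine verdict.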

W32.Badtrans.B@mm
POSTED: DEC 19, 2001
VIRUS TYPE: keylogger
OS AFFECTED: ALL
AUTHOR: Unknown
FIX: Symantec's Removal Tool

Logs keystrokes and net/network connections. Sends information to specific email addresses. Also uses your address book to pass along the virus to others.

PAYLOAD:
- kernel32 is altered
- information such as passwords may be logged and emailed to predefined addresses
- will propagate by sending itself to addresses in your address book (uses your current SMTP engine [ie: Outlook])

GONER.SCR
POSTED: DEC 6, 2001
VIRUS TYPE: email/ICQ worm
OS AFFECTED: ALL
ALIASES: W32.Goner.A@mm, Gone.scr
AUTHOR: Unknown
FIX: Symantec's Removal Tool

W32.Goner.A@mm is a mass-mailing worm that is written in Visual Basic. The worm has been compressed using a known Portable Executable (PE) file compressor. The worm can spread its infection using the ICQ network as well as by email using Microsoft Outlook. If IRC is installed, this worm can also insert mIRC scripts that will enable the computer to be used in Denial of Service (DoS) attacks. The IRC channel used for controlling the worm is currently blocked, preventing this functionality.

PAYLOAD:
Specific System, Anti-Virus, and Firewall files are deleted. May render the system unusable if not resolved early.

CODE RED
POSTED: July 27, 2001
VIRUS TYPE: email worm
OS AFFECTED: WinNT4.0 or Win2000 Servers running IIS
ALIASES: W32/Bady, I-Worm.Bady, Code Red, CodeRed, W32/Bady.worm
AUTHOR: Unknown
FIX: Microsoft Patch

This worm, spread via email, targets a hole in the Microsoft NT Server 4.0 and Windows 2000 Server family, more specifically in those machines running Internet Information Server (IIS). The virus attacks the Index Server component of IIS, manipulating its function to search the internet for other servers running IIS. An infected server's website may exhibit the text "hacked by chinese". On July 31, 2001, all accumulated servers are then set to attack the U.S. White House government website.

FIX:
An infected server and its websites can be restored by simply rebooting the machine. Microsoft has also issued a patch to resolve the security hole in its product and prevent infection.

Sir CAM
POSTED: July 27, 2001
VIRUS TYPE: email worm
OS AFFECTED: All except WinNT 4.0 and Windows 2000
ALIASES: W32/SirCam@mm, Backdoor.SirCam
AUTHOR: Unknown
FIX: Symantec's Removal Tool

Emerged in July 2001. "Sircam" is an e-mail worm that has spread to computer users in 50 countries. Sircam comes with its own SMTP engine, which enables it to send its infected mails independent of what email program is on the infected user's computer.

The worm, also named W32.Sircam, arrives as an e-mail attachment and can delete files from the infected computer's hard drive. The contaminated emails can be in English and Spanish-language versions with the text as follows:

Spanish Version:
First line: Hola como estas ?
Last line: Nos vemos pronto, gracias.

English Version:
First line: Hi! How are you?
Last line: See you later. Thanks

It sends copies of itself, disguised as a random file from the infected computer's hard drive, typically a recent file in the 'My Documents' folder, to all addresses in the infected computer's address book.