Subject | A few LOVE viruses
Author | Jorkata
Posted | 05.05.00 18:29

If anyone feels like digging into it, there is a copy of the virus's source at www.sans.org/y2k/050400-1100.htm. So far nothing can stop the virus /at least so they claim/. The antivirus companies have released updates for f-prot, Norton AV, Bindview. Here is the info itself:
'I Love You'
Technical Details
First, as soon as a user opens the worm file (usually by double-clicking), the malicious code accesses the Microsoft Outlook address book and sends a copy of itself to every entry. Second, the worm copies itself into images (.jpg and .jpeg), Visual Basic scripts (.vbs and .vbe) and JavaScript (.je and .jse), deleting their previous contents. Music files (.mp3 and .mp2) are hidden and a file of the same name which contains the worm's script and a .vbs file extension is put in its place. The worm will also infect files on networked and mapped drives as well as sending itself to people who join a chat room with an infected member (via mIRC). Finally, the virus will attempt to contact one of four Web sites in the Philippines that supposedly have a file called WIN-BUGSFIX.exe prepared for download. Those sites have since been taken off line by the Internet service provider.
The virus/worm appears to have originated in the Philippines although some reports now indicate Europe.
The malicious code spread around the world in approximately six hours.
CERT claims 300,000 infected computers at 250 sites worldwide were reported as of 2pm EST yesterday. This dwarfs Melissa's reach.
There are already at least three variants including one called 'joke' and 'Susitikim'.
People who have analyzed the code have said that its organization is rather sloppy and it does not indicate good programming skills.
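
A triage check for the file-level traces described in the quoted text, as an added example that is not part of the original post: it flags .jpg/.jpeg files whose contents no longer start with the JPEG signature, and .mp3/.mp2 files that have a same-named .vbs file beside them. The function names, the finding labels and the two decoy naming patterns (`song.mp3.vbs` and `song.vbs`) are assumptions; the sample files are constructed placeholders.

```python
import os
import stat
import tempfile

JPEG_EXT = {".jpg", ".jpeg"}
MUSIC_EXT = {".mp3", ".mp2"}
JPEG_MAGIC = b"\xff\xd8\xff"  # every JPEG starts with these bytes

def is_hidden(path):
    # The hidden bit only exists on Windows; elsewhere this returns False.
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def scan(root):
    """Return sorted (finding, path) pairs for files matching the described traces."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            stem, ext = os.path.splitext(lower)
            if ext in JPEG_EXT:
                with open(path, "rb") as fh:
                    if fh.read(3) != JPEG_MAGIC:
                        findings.append(("overwritten-image", path))
            elif ext in MUSIC_EXT:
                # Assumption: the replacement is "song.mp3.vbs" or "song.vbs".
                if lower + ".vbs" in names or stem + ".vbs" in names:
                    kind = "hidden-music-with-vbs" if is_hidden(path) else "music-with-vbs"
                    findings.append((kind, path))
    return sorted(findings)

def demo():
    # Constructed sample tree; the .vbs and bad .jpg hold harmless placeholder text.
    samples = {
        "ok.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF",
        "cat.jpg": b"rem constructed placeholder, not worm code\r\n",
        "song.mp3": b"ID3\x03\x00",
        "song.mp3.vbs": b"rem constructed placeholder\r\n",
        "lone.mp2": b"\xff\xfd",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(kind, os.path.basename(p)) for kind, p in scan(root)]

if __name__ == "__main__":
    print(demo())
```

A flagged image is only a lead: truncated or zero-length files fail the signature check too, so confirm against backups before restoring.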