Archived posting to the Leica Users Group, 2000/11/22


Subject: [Leica] FW: VIRUS WARNING
From: John Collier <jbcollier@home.com>
Date: Wed, 22 Nov 2000 16:07:16 -0700

Please be aware there are two new viruses infecting email systems.
One contains an attachment called NAVIDAD.EXE and the other can arrive with
a number of different subject lines.
Please be careful when opening email messages that you are not expecting,
especially if they have an attachment.


----------------------------------------------------------------------------
This is an Internet worm which uses MAPI Outlook to spread. It will be
received by email as a response to a sent email message to an infected
user, with the attachment NAVIDAD.EXE.


When run, this worm displays a dialog box entitled, "Error" which reads
"UI". A blue eye icon appears in the system tray next to the clock in the
lower right corner of the screen, and a copy of the trojan is saved to the
file "winsvrc.vxd" in the WINDOWS SYSTEM directory. The following registry
key values are created:





Symptoms


- Presence of the EYE icon in the lower right corner of your screen
- When the cursor is placed over the EYE icon, the text, "Lo estamos
  mirando..." is displayed. Translated this means, we are watching it.
- When the "eye" icon is clicked, a button appears reading, "Nunca
  presionar este boton". Translated this means, never press this button.
- When the button is pressed, a message box is displayed entitled, "Feliz
  Navidad", which reads "Lamentablemente cayo en la tentacion y perdio su
  computadora". Translated this reads, Merry Christmas, Unfortunately you've
  given in to temptation and lost your computer.


----------------------------------------------------------------------------


This worm can arrive by email in HTML format with one of the following
subject lines:


Romeo and Juliet
ble bla, bee
I Love You ;
sorry...
Hey you !
Matrix has you...
my picture
from shake-beer


The email will appear to contain no contents or identifiable attachments;
however, it is encoded to contain two files, myromeo.exe and myjuliet.chm.


----------------------------------------------------------------------------
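
The following mail-scanning check is an added example, not part of the archived posting: it walks every MIME part of a message and flags the file names and subject lines listed in the warning above, including files carried as inline parts that a mail client would not show as attachments. The function name `scan_message`, the sample message and its addresses are constructed for illustration.

```python
import email
from email import policy

# File names and subject lines named in the warning above (lower-cased).
BAD_FILENAMES = {"navidad.exe", "myromeo.exe", "myjuliet.chm"}
LURE_SUBJECTS = {"romeo and juliet", "ble bla, bee", "i love you ;",
                 "sorry...", "hey you !", "matrix has you...",
                 "my picture", "from shake-beer"}

def scan_message(raw_bytes):
    """Return (block, hits). block is True only when a named file is present;
    a subject match alone is weak evidence and is reported without blocking."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():  # every MIME part, inline or attached
        # get_filename() reads Content-Disposition filename= and falls back
        # to Content-Type name=, so parts not marked as attachments count too.
        name = (part.get_filename() or "").strip().lower()
        if name in BAD_FILENAMES:
            hits.append(("filename", name))
    block = bool(hits)
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in LURE_SUBJECTS:
        hits.append(("subject", subject))
    return block, hits

# Constructed sample: HTML mail whose file is carried as an inline MIME part.
SAMPLE = b"""\
From: sender@example.invalid
Subject: Matrix has you...
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html></html>
--b1
Content-Type: application/octet-stream; name="MyRomeo.exe"
Content-Disposition: inline
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```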