Vulnerability Development mailing list archives
Re: unobfuscation of AnnaKournikova.jpg. vee bee ess worm
From: Ryan Yagatich <ryagatich () CSN1 COM>
Date: Tue, 13 Feb 2001 13:59:57 -0500
looks like this does the following: Creates a registry entry in HKCU\software\OnTheFly, defaulted at "Worm made with Vbswg 1.50b" It checks to see if it's Janurary 26th, and if so jumps to the website http://www.dynabyte.nl It then sends itself to all receipients in your contact list (ms outlook/outlook express/more?) with the subject of "Here you have, ;o)" and the body of "Hi: Check This! and the attachment of AnnaKournikova.jpg.vbs after the message is sent, it deletes itself so it can't be "easily traced" then writes the registry entry to say it's been mailed allready so it doesn't do it again ryan
Current thread:
- unobfuscation of AnnaKournikova.jpg. vee bee ess worm rpc (Feb 13)
- Re: unobfuscation of AnnaKournikova.jpg. vee bee ess worm Ryan Yagatich (Feb 13)
- Re: unobfuscation of AnnaKournikova.jpg. vee bee ess worm Vladimir Dubrovin (Feb 13)
- Re: unobfuscation of AnnaKournikova.jpg. vee bee ess worm Dzzie Z (Feb 19)