Vulnerability Development mailing list archives

Re: unobfuscation of AnnaKournikova.jpg. vee bee ess worm


From: Ryan Yagatich <ryagatich () CSN1 COM>
Date: Tue, 13 Feb 2001 13:59:57 -0500

looks like this does the following:

Creates a registry entry in HKCU\software\OnTheFly, defaulted at "Worm made
with Vbswg 1.50b"
It checks to see if it's January 26th, and if so jumps to the website
http://www.dynabyte.nl
It then sends itself to all recipients in your contact list (MS
Outlook/Outlook Express/more?)
with the subject of "Here you have, ;o)"
and the body of "Hi:
                    Check This!"

and the attachment of AnnaKournikova.jpg.vbs
after the message is sent, it deletes itself so it can't be "easily traced"
then writes the registry entry to say it's been mailed already so it
doesn't do it again



ryan
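
An added example, not part of the original post or of the worm's code: a mail-filter style check in Python for the indicators listed above (the subject line and the attachment name), extended to any script attachment hidden behind a decoy extension. The extension lists, function names and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the post above.
WORM_SUBJECT = "Here you have, ;o)"
WORM_ATTACHMENT = "annakournikova.jpg.vbs"
# Assumption (not from the post): which extensions count as scripts and as decoys.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf"}

def has_decoy_double_extension(filename):
    """True for names like picture.jpg.vbs (script type behind a harmless-looking one)."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.lower().strip().rstrip(". ").split(".")
    return len(parts) >= 3 and parts[-1] in SCRIPT_EXTS and parts[-2] in DECOY_EXTS

def scan_message(raw_bytes):
    """Return a list of findings for one raw e-mail message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    if str(msg.get("Subject", "")).strip().lower() == WORM_SUBJECT.lower():
        findings.append("subject matches worm subject line")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if name.lower() == WORM_ATTACHMENT:
            findings.append("attachment name matches worm: " + name)
        elif has_decoy_double_extension(name):
            findings.append("script hidden behind decoy extension: " + name)
    return findings

def build_sample(subject, filename):
    """Constructed test message with an inert placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content("Hi:\nCheck This!")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [(WORM_SUBJECT, "AnnaKournikova.jpg.vbs"),
                        ("Holiday photos", "beach.gif.js"),
                        ("Report", "q1.report.pdf")]:
        print(fname, "->", scan_message(build_sample(subj, fname)))
```
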

