New virus alert 
Author Message
 New virus alert

VBS/Hard.A.Worm Outlook Express e-mail worm


Hard.A is a worm spreading via the e-mail
system using Microsoft Outlook Express.  It
arrives in a message with the Subject line:

"FW: Symantec Anti-Virus Warning"

The entire message body reads:

----- Original Message -----

Subject: FW: Symantec Anti-Virus Warning

There is a new worm on the Net.
This worm is very fast-spreading and very
Symantec has first noticed it on April 04,
The attached file is a description of the worm
and how it replicates itself.

With regards,
F. Jones
Symantec senior developer

When the attachment is executed, the worm
copies itself to the file:


It then creates and displays an html page which
is supposed to look like an official worm
warning from Symantec.  This file is called:


Next, Hard.A creates and executes the batch file:


As the result, the file
00AA00BDCE0B}" is copied to the file:

Then the worm creates yet another file:
"c:\www.symantec_send.vbs"; this program is
responsible for mailing the worm out via
Microsoft Outlook Express.

The last new file created by the worm is
"c:\message.vbs"; on November 24th, this
program displays a message:

"Don't look surprised!

It is only a warning about your stupidity
Take care!"

Finally, Hard.A modifies the registry making
sure that the worm will be executed at the next
reboot and that the starting page for Internet
Explorer is the local html file created by the
worm earlier (the fake Symantec warning).

Mon, 03 Nov 2003 21:01:07 GMT  
 [ 1 post ] 

 Relevant Pages 

1. Product Support Services - Moderate Security Alert - Virus Alert: Klez-E

2. ALERT! New virus has been very active today

3. just recieved a new virus W32/Bugbear@MM Virus Found


5. Virus Alert

6. Virus alert

7. Virus alert - I just got 3 mails w/ this, norton caught it


9. Virus Alert: Unwarrented?

10. Very Funny.vbs Virus Alert

11. FREE Virus Alert Newsletter


Powered by phpBB® Forum Software