Weekly report on viruses and intruders

Feb 28, 2005 Weekly Virus Report Comments (0)

This week's report on viruses and intruders will focus on four worms - the A and B variants of Stang, Assiral.A and Sober.M-.

Stang.A and Stang.B spread through MSN Messenger in messages containing texts like 'Look At This Hot Naked Girl' and an attached file with names like 'Hey look at my moms dildo!!.pif'. If this file is run, these worms send themselves out to all of the contacts in this instant messaging application and turn off the security programs that could be installed on the computer, such as the Windows personal firewall.

What's more, Stang.A and Stang.B block the Task Manager and Registry Editor in this operating system. They also try to end the SVCHOST.EXE and LSASS.EXE processes, which could cause the computer to automatically shut down.

The third worm in today's report is Assiral.A, which spreads via email in a message with the text 'Re: LOV YA !' in the subject and an attached file called 'LOVE_LETTER.TXT.EXE'. When this file is run, the computer will be infected by Assiral.A, which will then look for email addresses to send itself to.

Assiral.A carries out many different actions on the computer it infects, including the following:

- Prevent access to the Windows Registry Editor.

- Hide the Run option in the Start menu.

- Disable the command-line.

- Modify the home page in Internet Explorer.

- Try to end the processes belonging to different antivirus and firewall applications.

- When it is run, it displays a message on screen which announces its mission to rid the Internet of the actions of the Bropia worms.

We are going to finish this week's report with Sober.M, a worm that spreads via email in a message that can be written in English or German. If the mail domain ends in de, ch, at or li, both the subject and message will be written in German.

After infecting a computer, Sober.M opens Notepad and displays a text and then an error message.

About PandaLabs
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/

Add a Comment

No messages on this article yet

Other Resources

About Us

Established in 1997, Manufacturing & Logistics IT Magazine (LogisticsIT.com) is the leading specialist IT solutions magazine and web-site covering all aspects of end-to-end supply chains within a wide range of vertical markets. The editorial content covers real live applications within collaborative supply chain environments and has contribution from leading vendors and research analysts. This provides our readers with an insight into how technological developments enable all kinds of businesses to operate effectively and efficiently.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter

Find us on Social Networks

Useful links

Weekly report on viruses and intruders

Add a Comment

Related Weekly Virus Report Articles

How to contact us

Other Resources

About Us

Find us on Social Networks

Useful links

Critical Issues

Technologies

Verticals

Weekly report on viruses and intruders

Add a Comment

Related Weekly Virus Report Articles

Let the news come to you!

How to contact us

Other Resources

About Us