support Δημοσ. 29 Μαΐου 2003 Share Δημοσ. 29 Μαΐου 2003 Holar.H worm was found on 28th of May, 2003. It spreads over e-mail and Kazaa P2P networks. The worm was written in Visual Basic and is compressed with the UPX executable compressor. Spreading through email Holar.H searches through '.htm', '.html', '.txt' and '.dbx'files to collect email addresses. Using its own SMTP engine it sends messages with infected attachments to these addresses. Sender address of the email is taken from the user's default email settings. This threat is proactively detected as New MSVB P2P worm when using the 4266 DAT files with the 4.2.40 scan engine and scanning compressed executables (a default scan option). This variant of the worm is very similar to previous variants. It is intended to propagate via email and sharing itself over P2P networks. The worm consists of a 3-file sandwich: DROPPER COMPONENT | PROPAGATION COMPONENT | SMTP LIBRARY The dropper component is intended to drop and run the other components: Propagation component: 56,614 bytes SMTP library: 25,737 bytes Strings within the dropper and propagation components suggest the worm is intended to arrive in a message with the following characteristics: From: [email protected] Virusinfo Συνδέστε για να σχολιάσετε Κοινοποίηση σε άλλες σελίδες άλλες επιλογές
Προτεινόμενες αναρτήσεις
Αρχειοθετημένο
Αυτό το θέμα έχει αρχειοθετηθεί και είναι κλειστό για περαιτέρω απαντήσεις.