Spyware, Viruses, & Security forum

General discussion

Weekly report on viruses and intrusions - 03/28 /04

- Weekly report on viruses and intrusions -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 28, 2004 - The report for the last week of the month will
focus on five worms -Mywife.A, Snapper.A, Cone.E, Netsky.P and Witty.A-, and
a hacking tool called Starr.A.

Mywife.A is a worm that spreads via e-mail in a message with variable
characteristics. It deletes the entries related to various antivirus and
security applications from the Windows Registry, and as a result, these
programs will not automatically run when Windows starts up. This means that
computers infected by Mywife.A will be unprotected against attacks from
other malware.

Snapper.A is a worm that spreads via e-mail. It is run automatically when
the message carrying the worm is viewed through the Preview Pane in Outlook.
It does this by exploiting the Exploit/Iframe vulnerability, which affects
versions 5.01 and 5.5 of Internet Explorer and allows file attached to
e-mail messages to run automatically.

Through this exploit the Snapper.A worm downloads the file banner.htm which,
in turn, will download a file with a CGI extension that exploits another
vulnerability called Object Data Remote Execution to run Visual Basic Script
code. When this code is run, a DLL is created in the Windows directory.

Cone.E is a worm that spreads via e-mail in a message with variable
characteristics, and through P2P (peer to peer) file sharing programs.
Cone.E is easy to recognize when it is run, as it displays several messages
on screen. It also launches Denial of Service (DoS) attacks against the
website of the Official News Agency of Iran and is programmed to reply to
the messages in the Inbox on the infected computer.

The next worm in today's report is Netsky.P which, like the aforementioned
malicious code, spreads via e-mail in a message with variable
characteristics, and through P2P (peer to peer) file sharing programs. It
also exploits the same vulnerability as Snapper.A, Exploit/Iframe, to run

Netsky.P carries out several actions on the computers it infects, such as
deleting the entries that belong to several worms -including Mydoom.A,
Mydoom.B, Mimail.T and several variants of Bagle-, creating files in the
Windows directory and deleting entries from the Registry.

The last of today's worms is Witty.A, which spreads through the Internet by
exploiting a vulnerability in certain versions of BlackIce's ICQ parser.
This worm sends its malicious code to random ports of random IP addresses
and if it reaches a vulnerable computer, it is run and the worm carries out
its actions, such as overwriting random sectors of the hard drive, which
could lead to information loss and eventual system failures.

We are going to finish today's report with Starr.A. This hacking tool allows
Internet and system activities to be to monitored, for example, it allows
keystrokes to be logged. It also incorporates a protection system at
kernel-level, which makes it difficult to detect. Starr.A is not dangerous
but it could be used for malicious purposes.

For further information about these and other computer threats, visit Panda
Software's Virus Encyclopedia at:

Discussion is locked
You are posting a reply to: Weekly report on viruses and intrusions - 03/28 /04
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Weekly report on viruses and intrusions - 03/28 /04
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Sublime suburban chariot

High on style and technology, the 2019 Volvo XC90 is an incredibly satisfying everyday crossover.