Using the latest virus that are recognized as the YM W32/VBTroj.CEUU by Norman Security Suite.
Adi said, the message appears in English with a link to a file. To attract his victims, as though the link will lead to a compressed image file format. Zip.
Here are some of the messages sent (in English).
- I just found this pic of you last night, and I think you might want to save it, looks amazing. srv034.imageshares.info: 88/cache/user2940/DVS-Picture009.JPEG.zip
- Would you care if I tagged you in this picture? Or would you get upset at me? srv057.imageshares.info: 88/DisplayPics/user3052/DVT-NewPhoto009.JPG.zip
- his picture is creepy and disturbing! You have to check it out. http://srv034.imageshares.info:88/cache/user2940/DVS-Picture009.JPEG.zip
- I was at the mail, and you will never guess who i saw! http://srv057.imageshares.info:88/DisplayPics/user3052/DVT-NewPhoto009.JPG.zip
- I found the perfect wallpaper. You'll love it, what do you think? http://viewmorepics.facebookgallery.info:88/ImageView&profileID=1390/DVS-MyPhoto14.JPEG.zip
- Have you seen my new glasses? I just found out I had to get new ones. Do they look ok?? http://viewmorepics.facebookgallery.info:88/ImageView&profileID=1390/DVS-MyPhoto14.JPEG.zip
- Why do I even bother taking pictures when they turn out to be like this. Do not show it to anyone please. http://img284.dlimageshack.info:88/img284/43930/MVC-NewPhoto12.JPG.zip
- I finished editing this picture last night for my facebook profile ... How do you like it? http://img425.dlimageshack.info:88/ ~ ProfileView/user4729/DVS-NewPhoto13.JPG.zip
- The pics from my new digital camera keep coming out strange. Can not you tell it does not look right in this one? http://c2ac-b.myspace-pics.info:88/images03/4986051/DVT-Picture004.JPG.ZIP
- If you decide to open this picture you have to promise not to show it to anyone. ok? http://c2ac-b.myspace-pics.info:88/images03/4986051/DVT-Picture004.JPG.zip
Here are some actions that will be the virus, as told by Adi:
- Attempting to connect / contacts to a remote server / IRC (Internet Relay Chat) with a variety of IP.
- Attempting to connect to several websites and try to synchronize the time. " onmouseover="this.style.backgroundColor='#ebeff9'" onmouseout="this.style.backgroundColor='#fff'">Including Microfot.com, Yahoo.com <>
- " onmouseover="this.style.backgroundColor='#ebeff9'" onmouseout="this.style.backgroundColor='#fff'">Attempting to connect to some websites Mail Exchanger (MX). Including Microsoft.com, Yahoo.com, Google.com and Mail.Ru (service provider free e-mail the largest in Russia)
- Attempting to connect to some websites using a variety of ports.
- Synchronize to remote server / IRC server and communicate.
- Downloading a file virus and a list of messages to be sent via the chat application. One link can get up to 50 different messages sentences.
- ends a message to all existing contact address at the chat application.
- Trying to access the network and spreading the virus. In this case even try to get through IPC $.
Well, giatnya virus activity caused the victim's computer will seem slow. In fact, according to Adi, the level of CPU usage can reach 100 percent.
The main spread of this virus is through instant messaging services like YM. But Adi did not rule out its spread is also done via Skype, GTalk (Google Talk), Windows Live Messenger and MRA (Mail.Ru Agent).
In addition, the virus will spread through the network by using file sharing folder. The file is a virus that spreads will have a random name, with the extension. Exe and the size of 212 kb.
0 comments:
Posting Komentar