Robin
Cast Member
Posts: 940
Registered: Aug 2002
|
Posted
10-25-02 06:17 PM
WORM_HOBBIT.G is a Win32 worm that propagates via Microsoft Outlook and the KaZaa network. In Microsoft Outlook, it sends itself as an email message with the following details:
Subject: Fwd: Scan your computer for this new virus threat...
Message Body: This is a fix and removal for the new internet worm known as BugBear. 1 in ever 4 computers in infected with this virus. When run, it will scan your computer and notify you if you're infected or not, then clean if infected.
Attachment: Anti-Bug.exe
To make itself easily accessible over the Kazaa network, this worm copies itself to the following folders:
C:\KaZaa\My Shared Folders
C:\Program Files\KaZaa\My Shared Folders
Upon execution, it displays a message box with the title “kn0x 0wnz” and the message “System Not Infected with Bugbear”.
This worm creates copies of itself in the Windows directory as shizzle.exe and Anti-Bug.exe, and it adds a registry entry that allows it to execute at every Windows startup.
It drops a number of files by certain names, which could have the extensions .EXE, .PIF, .BAT, or .SCR. It also may choose filenames from a lengthy list of specific possibilities.
This worm also attempts to perform a DoS (Denial of Service) attack on a certain Web site by continuously sends PING requests to this site, each containing 10,000 Bytes.
If you would like to scan your computer for WORM_HOBBIT.G or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.trendmicro.com/
WORM_HOBBIT.G is detected and cleaned by Trend Micro pattern file #368 and above.
For additional information about WORM_HOBBIT.G please visit: http://www.trendmicro.com/vinfo/vir...e=WORM_HOBBIT.G
I toss my cookies for Disney.
I wonder what inspired this new Disney T-shirt? "I'm right. You're wrong. Any Questions?"
|
