Nama jenis-jenis virus cecacing ( Worms )
W32/Bagle.GY is a worm. The worm will infect Windows systems and spreads through email.
The infected email carries a spoofed 'From' address picked up randomly from the infected system
The subject of the infected mail will be blank.
The infected attachment will be any one of the following;
Ales.zip
Andrew.zip
Alice.zip
Alyce.zip
Androw.zip
Anna.zip
Androwe.zip
Ann.zip
Anne.zip
Anthony.zip
Annes.zip
Anthonie.zip
Anthonye.zip
Bennet.zip
Avice.zip
Avis.zip
Bennett.zip
Constance.zip
Christean.zip
Christian.zip
Cybil.zip
Dorithie.zip
Daniel.zip
Danyell.zip
Dorothee.zip
Edmonde.zip
Dorothy.zip
Edmond.zip
Edmund.zip
Elizabeth.zip
Edward.zip
Edwarde.zip
Elizabethe.zip
Emanual.zip
Ellen.zip
Ellyn.zip
Emanuel.zip
Frances.zip
Emanuell.zip
Ester.zip
Francis.zip
Geoffraie.zip
Fraunces.zip
Gabriell.zip
George.zip
Harrye.zip
Grace.zip
Harry.zip
Henrie.zip
Hughe.zip
Henry.zip
Henrye.zip
Humphrey.zip
Isabell.zip
Humphrie.zip
Isabel.zip
James.zip
Jeffrey.zip
Jane.zip
Jeames.zip
Jeffrye.zip
John.zip
Joane.zip
Johen.zip
Josias.zip
Judithe.zip
Judeth.zip
Judith.zip
Katherine.zip
Leonarde.zip
Katheryne.zip
Leonard.zip
Margaret.zip
Margerye.zip
Margarett.zip
Margerie.zip
Margret.zip
Martha.zip
Margrett.zip
Marie.zip
Mary.zip
Mychaell.zip
Marye.zip
Michael.zip
Nathaniel.zip
Nicholas.zip
Nathaniell.zip
Nathanyell.zip
Nicholaus.zip
Ralph.zip
Nycholas.zip
Peter.zip
Rebecka.zip
Robert.zip
Richard.zip
Richarde.zip
Roberte.zip
Rycharde.zip
Roger.zip
Rose.zip
Samuell.zip
Sindony.zip
Sara.zip
Sidney.zip
Stephen.zip
Suzanna.zip
Susan.zip
Susanna.zip
Sybell.zip
Thomas.zip
Sybyll.zip
Syndony.zip
Valentyne.zip
Wynefrede.zip
William.zip
Winifred.zip
Wynefreed.zip
Wynnefreede.zip
Upon execution of the infected attachment, the worm copies itself as wind2ll2.exein the Windows system folder.
The worm creates the registry entries at the following location.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru1n
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ru1n
The worm tries to connect to the following websites and download a file.
http://[blocked]/1/w3eb.php
http://[blocked]/images/w3eb.php
http://[blocked]/help/w3eb.php
http://[blocked]/1/w3eb.php
http://[blocked]/1/w3eb.php
http://[blocked]/images/w3eb.php
http://[blocked]/1/w3eb.php
http://[blocked]/1/w3eb.php
It saves the downloaded file as eml.exe in Windows folder.
The infected email carries a spoofed 'From' address picked up randomly from the infected system
The subject of the infected mail will be blank.
The infected attachment will be any one of the following;
Ales.zip
Andrew.zip
Alice.zip
Alyce.zip
Androw.zip
Anna.zip
Androwe.zip
Ann.zip
Anne.zip
Anthony.zip
Annes.zip
Anthonie.zip
Anthonye.zip
Bennet.zip
Avice.zip
Avis.zip
Bennett.zip
Constance.zip
Christean.zip
Christian.zip
Cybil.zip
Dorithie.zip
Daniel.zip
Danyell.zip
Dorothee.zip
Edmonde.zip
Dorothy.zip
Edmond.zip
Edmund.zip
Elizabeth.zip
Edward.zip
Edwarde.zip
Elizabethe.zip
Emanual.zip
Ellen.zip
Ellyn.zip
Emanuel.zip
Frances.zip
Emanuell.zip
Ester.zip
Francis.zip
Geoffraie.zip
Fraunces.zip
Gabriell.zip
George.zip
Harrye.zip
Grace.zip
Harry.zip
Henrie.zip
Hughe.zip
Henry.zip
Henrye.zip
Humphrey.zip
Isabell.zip
Humphrie.zip
Isabel.zip
James.zip
Jeffrey.zip
Jane.zip
Jeames.zip
Jeffrye.zip
John.zip
Joane.zip
Johen.zip
Josias.zip
Judithe.zip
Judeth.zip
Judith.zip
Katherine.zip
Leonarde.zip
Katheryne.zip
Leonard.zip
Margaret.zip
Margerye.zip
Margarett.zip
Margerie.zip
Margret.zip
Martha.zip
Margrett.zip
Marie.zip
Mary.zip
Mychaell.zip
Marye.zip
Michael.zip
Nathaniel.zip
Nicholas.zip
Nathaniell.zip
Nathanyell.zip
Nicholaus.zip
Ralph.zip
Nycholas.zip
Peter.zip
Rebecka.zip
Robert.zip
Richard.zip
Richarde.zip
Roberte.zip
Rycharde.zip
Roger.zip
Rose.zip
Samuell.zip
Sindony.zip
Sara.zip
Sidney.zip
Stephen.zip
Suzanna.zip
Susan.zip
Susanna.zip
Sybell.zip
Thomas.zip
Sybyll.zip
Syndony.zip
Valentyne.zip
Wynefrede.zip
William.zip
Winifred.zip
Wynefreed.zip
Wynnefreede.zip
Upon execution of the infected attachment, the worm copies itself as wind2ll2.exein the Windows system folder.
The worm creates the registry entries at the following location.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru1n
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ru1n
The worm tries to connect to the following websites and download a file.
http://[blocked]/1/w3eb.php
http://[blocked]/images/w3eb.php
http://[blocked]/help/w3eb.php
http://[blocked]/1/w3eb.php
http://[blocked]/1/w3eb.php
http://[blocked]/images/w3eb.php
http://[blocked]/1/w3eb.php
http://[blocked]/1/w3eb.php
It saves the downloaded file as eml.exe in Windows folder.
0 comments:
Post a Comment
Terima Kasih sebab komen, tapi komen ancaman, ugutan, hasutan akan didelete ya :).jom like fanpage facebook AF :) FB AbdulFarique.com