Thread For UK Users (archive) |
Eamonn Joined: Nov 30, 2001 Posts: > 500 PM |
Morning. Welcome to our arse thread kazh. Just got my phone upgraded and am restoring a backup. Only 16 mins!!
|
|
mhorton Joined: Jan 13, 2002 Posts: > 500 From: UK PM |
Something that came round work.
Information about the W32/Fizzer worm:
W32/Fizzer is an email worm. This worm will infect Windows systems. The worm spreads through email, shared network drives, IRC and KaZaA P2P software. It also contains a backdoor trojan component that contains key-logging capability.
The worm arrives with a subject, which is a combination of words randomly chosen by it. The names of the infected attachments of the worm are randomly generated from the words contained in a list of its own.
The extension of the infected attachment can be any one of these: .com, .exe, .pif, .scr. Upon execution of the attachment, the worm copies itself as:
iservc.dll
ProgOp.exe
initbak.dat
iservc.exe
to the Windows folder. It modifies the registry at the following location to run itself at startup.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
The worm tries to collect all the email addresses found in Microsoft Outlook and the Windows address book. The worm tries to mail itself to these email addresses using its own SMTP engine. The worm also tries to generate email addresses using a set of formulae.
The backdoor component of the worm tries to connect to the IRC channels and executes in the background. The worm also logs all the key-strokes to a file ISERVC.KLG, under the Windows folder, in an encrypted format. It also attempts to terminate a few anti-virus programs.
This worm first appeared on 8th May 2003.
Other names of W32/Fizzer worm:
This worm is also known as WORM_FIZZER.A, W32/Fizzer@MM, W32/Fizzer-A
|
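A host check built from the indicators listed in the advisory above, added here as an example and not part of the original post: it matches the dropped file names in a Windows-folder listing and flags values under the Run key that reference them. The directory listing, `reg query` text and value names are constructed samples.

```python
import re

# File names the advisory says Fizzer drops in the Windows folder, plus its
# key-log file. Lower-cased because Windows file names are case-insensitive.
FIZZER_FILES = {"iservc.dll", "progop.exe", "initbak.dat", "iservc.exe", "iservc.klg"}

# Matches one value line of `reg query` output: name, type, data.
REG_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def dropped_files(dir_listing):
    """Return names from a Windows-folder listing that match the advisory."""
    return sorted(n for n in dir_listing if n.lower() in FIZZER_FILES)


def parse_run_key(reg_output):
    """Turn `reg query <Run key>` text into {value_name: command_line}."""
    values = {}
    for line in reg_output.splitlines():
        m = REG_LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values


def suspicious_run_values(values):
    """Return Run values whose command line references a Fizzer file name."""
    hits = {}
    for name, command in values.items():
        # Split on path separators, quotes, commas and whitespace so quoted
        # paths, arguments and rundll32-style "file.dll,Entry" are all seen.
        tokens = set(re.split(r'[\\/",\s]+', command.lower()))
        if tokens & FIZZER_FILES:
            hits[name] = command
    return hits


# Constructed sample data (not from a real infection); value names are made up.
SAMPLE_LISTING = ["notepad.exe", "ISERVC.EXE", "ProgOp.exe", "win.ini", "iservc.klg"]
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    ExampleEntry    REG_SZ    C:\WINDOWS\iservc.exe
"""

if __name__ == "__main__":
    print("Dropped files:", dropped_files(SAMPLE_LISTING))
    print("Run entries:", suspicious_run_values(parse_run_key(SAMPLE_REG)))
```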
Eamonn Joined: Nov 30, 2001 Posts: > 500 PM |
Just get norton and you should be fine..
|
evoke Joined: Mar 05, 2002 Posts: > 500 PM |
2 people at work got it yesterday
This message was posted from a P800 |
Eleventy7 Joined: Jul 05, 2002 Posts: > 500 From: the rotten oasis PM, WWW
|
mornin. work quiet this mornin, which is nice.
kazh - welcome to the mighty UK thread m8
|
Eamonn Joined: Nov 30, 2001 Posts: > 500 PM |
Ed: Were they stupid enough to open the attachment? |
evoke Joined: Mar 05, 2002 Posts: > 500 PM |
they must have been! one was gedi from guru quite an IT buff.. actually just asked him and he said he was suspicious but it appeared to have come from a finance company he uses
This message was posted from a P800 |
Eamonn Joined: Nov 30, 2001 Posts: > 500 PM |
& he didn't bother to virus check it?
|
evoke Joined: Mar 05, 2002 Posts: > 500 PM |
works pc
This message was posted from a P800 |
sunjivas Joined: Aug 17, 2002 Posts: > 500 From: London, UK PM |
afternoon
xams over
welcome kazh  |
Eamonn Joined: Nov 30, 2001 Posts: > 500 PM |
Excrement Sunj!!
Ed: No antivirus at work?
|
evoke Joined: Mar 05, 2002 Posts: > 500 PM |
yes norton eamonn
This message was posted from a P800 |
Eamonn Joined: Nov 30, 2001 Posts: > 500 PM |
And it didn't detect the virus? |
Eleventy7 Joined: Jul 05, 2002 Posts: > 500 From: the rotten oasis PM, WWW
|
ou est le gare?
|
sunjivas Joined: Aug 17, 2002 Posts: > 500 From: London, UK PM |
erm where is the station? |
|