■Win32/Bagle.F
Win32/Bagle.F は、電子メールの添付ファイルやP2Pネットワークまたは共有フォルダを利用して拡散するワームです。
メールの題名は次のいずれかです。
Aline
Anna
Audra
Bad girl
Barbi
Caitie
Fotograf
Gallery photos
Hey, dude, it's me ^_^ :P
Hey, ya! =))
Hi! :-)
Hokki =)
Jammie
Juli
Julie
Katrina
Katrina
Kelley
Lisa
Mandy
Mary
Mary-Anne
My Name is Frenk
My beautiful person
My photoalbum
My photos
Myphotos
Photoalbum
Rena
Sara
Tammy
Wau... beautiful (-:
Weah, hello! :-)
Weeeeee! ;)))
^_^ meay-meay!
^_^ meay-meay!
^_^ mew-mew (-:
beautiful
caroline
ello! =))
groom
kate
kleopatra
rebecca
stacy
メールの本文は、次の文字列からランダムに選ばれます。
Argh, i don't like the plaintext :)
Fell free to chat with me I accept all ages. Don''''t
worry I don''''t bite........hope to hear from you soon!
If you are going to make me cry, at least be there to
wipe away the tears *Right now the worst thing for you
to tell me that I can find someone better than you, especially
when you are all I want
You don't know what you've got till it's gone *You hurt
me more than I deserve, how can you be so cruel? I love
you more than you deserve, how can I be such a fool?
I sit with elders of a gentle race, whose world is seldom
seen.Who sit and talk of days for which they wait, when
all will be revealed. These are song lyrics.
I'm a social butterfly and a natural flirt. Very hard
to get my complete attention. Very open and will answer
almost anything. But please don't piss me off. I can be
sweet and cuddly or a whatever mood I am in that day so
everyday
Love the outdoors, literature, writing, and athletics
When The Trust is Gone So Is The Love That Fades Like
the Rain Washing Away All The Sorrows Of Yesterday Why
I Ask Myself Must It End Like This Tomorrow, I Tell Myself,
I'll Be Okay For Now, I'll Just Live In The Memories Of
Our Life Together
I enjoy clean conversations but am open to conversing
with women and men with little ones as well. I am very
open-minded. All authorization requests will be denied
if I don't receive messages and get to know you first.
I love camping, dirt track racing, going for walks, and
I have 2 cats - HotRod and Deebo (named from the movie
'Friday' and he lives up to it!). Life is ever changing,
never always easy...
i love to chat to just about anyone!!
If I'm online, it problably means I'm pretty bored....so
feel free to message me and say hi or whatever else comes
to mind at the moment.
Hey people whats goin on? If there is anything you want
to know about me ask me... I am pretty easygoing I won't
bite....not at first anywayz hahaa.....one thing I will
say on here tho I am not into the Cyber thing so don't
even ask.....Ciao...
Hi! My name is Shreya and I am a goof off!!! So, If you
love the outdoors, travelling, books, music, movies, laffing,
teasing and/or can poke fun at yourself... please come
a hollerin'!!
I love to dance, read poetry, make people laugh, and hug
as many people a day as i can.
Single Mom of 3, Full time college student, Graduate in
December with an Associates of Applied Science in Computer
Information Systems Love the internet.
My hobbies include crochet, sewing,
painting lead figures and playing AD&D. Favorite
activities include fishing and camping. I love cats,
unicorns(go figure), and fantasy
in general.
I like to be in a company of smart, delicate, and with
a good sense of humor people. I am Bulgarian, currently
getting my Master's in International Business in USA. Favorite
actor: Michael Dudikoff
i'm tall and skiny I'm studying in Pharm. D program in
FL. i like music, movie, dancing, sports, SCUBA diving,
traveling and make a lot friends.
Nice friends, nice men, nice sex and feeling great. I
don't mind the odd bout of cybersex as I love to use my
imagination when I masterbate.
Hey, guys! by the way, I have no problems with my sexual
life, so it's absolutly useless try to have icq sex or
things like that. Thanks
I'm an open minded person and enjoy chatting w/ other
people. I'm free and willing to chat about anything. So
feel free to Imed me if you wanna chat.
I love meeting new people and making new friends. I am
a Mary Kay Beauty Consultant. I am married to a wonderful
man. We have no children, exept for a minature schnauzer
that thinks he is a child. Looking forward to meeting you.
I am from Taiwan but I study in Camden, New Jersey now.
I like to know people from different places .
I'm married and I stay at home. And I don't do cyber sex
so leave me the fuck alone
Looking forward for a response :P
添付ファイル名は次の文字列から組み合わされたものになります。
Aline
Anna
Audra
Bad girl
Barbi
Caitie
Gallery
It_I
Jammie
Juli
Julie
Katrina
Katrina
Kelley
Lisa
Mandy
Mary
Mary-Anne
Photoalbum
Photomontage
Picture
Rena
Sara
Tammy
caroline
kate
kleopatra
myfotos
rebecca
stacy
添付ファイルの拡張子は、.exe, .scr, .zip のいずれかです。 .ZIPファイルが添付されていた場合、
そのZIPファイルはパスワードで保護されていることがあります。そのパスワードはメールの本文に記載されます。
このワームが実行されると、このワームは
%sysdir% フォルダに、次のファイルを作成します。
i1ru54n4.exe
go54o.exe
ii5nj4.exe
さらに、システムレジストリに次のキーを追加します。
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"
rate.exe" = "%sysdir\i1ru54n4.exe"
このワームは、電子メールを経由して感染を広めるために、すべてのローカルドライブを検索して、
次の拡張子を持つファイルからメールアドレスを取得します。
.adb
.asp
.cfg
.dbx
.eml
.htm
.mdx
.mmf
.nch
.ods
.php
.pl
.sht
.tbb
.txt
.wab
.xml
ただし、次の文字列を含むメールアドレスに対しては自分自身を送信しません。
@avp.
@hotmail.com
@microsoft
@msn.com
local
noreply
postmaster@
root@
このワームは、すべてのローカルディスクドライブから、"shar" という名前をもつフォルダを検索して、
そのフォルダを発見したら、そのフォルダに自分自身のコピーを次のファイル名でコピーします。
ACDSee 9.exe
Adobe Photoshop 9 full.exe
Ahead Nero 7.exe
Matrix 3 Revolution English Subtitles.exe
Microsoft Office 2003 Crack, Working!.exe
Microsoft Office XP working Crack, Keygen.exe
Microsoft Windows XP, WinXP Crack, working Keygen.exe
Opera 8 New!.exe
Porno Screensaver.scr
Porno pics arhive, xxx.exe
Porno, sex, oral, anal cool, awesome!!.exe
Serials.txt.exe
WinAmp 5 Pro Keygen Crack Update.exe
WinAmp 6 New!.exe
Windown Longhorn Beta Leak.exe
Windows Sourcecode update.doc.exe
XXX hardcore images.exe
このワームは、バックドアを仕掛けて、TCPポート2745番を開き、悪意あるプログラムをリモートインストールすることを試みます。このワームは、次のアドレスのいずれかに接続することを試みます。さらにポート番号とランダムなID番号を送信します。
http://postertog.de/scr.php
http://www.gfotxt.net/scr.php
http://www.maiklibis.de/scr.php
このワームは、次のプログラムを停止することを試みます。
ATUPDATER.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVLTMAIN.EXE
AVPUPD.EXE
AVWUPD32.EXE
AVXQUAR.EXE
CFIAUDIT.EXE
DRWEBUPW.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
LUALL.EXE
MCUPDATE.EXE
NUPGRADE.EXE
OUTPOST.EXE
UPDATE.EXE
このワームは、2004年3月25日に活動を停止します。
NOD32アンチウイルスは、ウイルス定義ファイルのバージョン1.640にて対応しています。
NOD32アンチウイルスを最新にしてください。コンピュータをインターネットに接続して、NOD32のコントロールセンターの「更新」ボタンをクリックしてください。
