W32.Yarner.A@mm

W32.Yarner.A@mm

W32.Yarner.A@mm имэйл ашиглан олон хvнд тараагддаг Delphi программчлалын хэл дээр
бичигдсэн worm юм. Уг worm Microsoft Outlook -ын address book-д байгаа бvх хаягууд
руу єєрийгєє агуулсан хавсралт бvхий имэйл илгээдэг бєгєєд ингэхдээ SMTP серверын
код болон системын тохиргоог ашигладаг байна. Үvнээс гадна тухайн халдварласан
компьютерт байгаа бvх файлуудыг устгадаг.

Захианы vндсэн текст герман хэл дээр
бичигдсэн байдаг ба "Trojaner-Info Newsletter followed by the current date"
гэсэн subject, yawsetup.exе гэсэн нэртэй хавсралт файлтай байдаг.

W32.Yarner.A@mm вирусээр халдварласан компьютерийн тоо бага байгаагаас шалтгаалан
Symantec
корпораци нь уг вирусын хор хєнєєл учруулах зэргийг 3 байсныг багасган 2 болгосон.

Тєрєл: worm
Илэрсэн он сар єдєр: 2001.2.19
Захианы subject: Trojaner-Info Newsletter [current date
Хавсралтын нэр: yawsetup.exе
Хавсралтын хэмжээ: 427 КВ
Тархалт: Их
Хор хохирол учруулах зэрэг:2
Хор хохирол:
1. Microsoft Outlook -ын address book-д байгаа бvх хаягууд руу єєрийгєє агуулсан
хавсралт бvхий имэйл илгээх байдлаар тархана.
2. notepad.exe файлыг дарж єєрчилнє.

Идэвхжиж эхлээд уг worm дараах vйлдлvvдийг хийнэ.
1. Єєрийгєє %WinDir%\notepad.exe гэсэн нэртэйгээр хуулна. Ингэснээр Notepad-ыг
ажиллаж эхлэхэд уг worm идэвхжин уг программ руу халдахыг оролддог.
2. Мєн єєрийгєє %WinDir%\[random characters].exe гэсэн нэртэйгээр хуулж
HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce регистрт
[тэмдэгтvvд санамсаргvй сонгогдсон байна] = [санамсаргvй тэмдэгтvvд ].exe гэсэн
утгыг нэмж єгнє.
3. MAPI- протоколыг ашиглан Microsoft Outlook-ын address book-д байгаа хаягууд
руу yawsetup.exe гэсэн нэртэй файл илгээж .php, .htm, .shtm, .cgi, .pl єргєтгєлтэй
файлуудыг хайдаг.
Илгээгдэх захианы утга доорх байдалтай байна.
Subject: Trojaner-Info Newsletter [Current Date]
Vндсэн текст:
Hallo!Willkomen zur neuesten Newsletter-Ausgabe derWebseite Trojaner-Info.de.
Hier die Themen im Ueberblick:
01. YAW 2.0 – Unser Dialerwarner in neuer Version
************************************
01. YAW 2.0 – Unser Dialerwarner in neuer Version
Viele haben ihn und viele moegen ihn – unseren Dialerwarner YAW. YAW ist nun
in einer brandneuen und stark erweiterten Version verfuegbar. Alle unsere Newsletterleser
bekommen ihn kostenlos zusammen mit diesem Newsletter.Also einfach die angehaengte
Datei starten und YAW 2.0 installieren. BeiFragen steht Ihnen der Programmierer
des bislang einzigartigen Programmes Andreas Haak unter andreas@ants online.de
zur Verf gung. Viel SpaЯ mit YAW!
<http://www.trojaner-info.de/dialer/yaw.shtml>
************************************
Das war die heutige Ausgabe mit den aktuellsten Trojaner-Info News. Wir bedanken
uns fuer eure Aufmerksamkeit und wuenschen allen Lesern noch eine angenehme
Woche.Mit freundlichem Gruss Thomas Tietz & Andreas Ebert
<http://www.trojaner-info.de>
************************************
Anzahl der Subscriber: 5.966 Durchschnittliche Besuchzahl/Tag: 4.488 Diese Mail
ist kein Spam ! Diesen Newsletter hast du erhalten, da du in unserer Verteilerliste
aufgenommen wurdest. Solltest du unseren Newsletter nicht selber abonniert haben,
sondern eine andere Person ohne dein Wissen, kannst du diesen auf unseren Seiten
wieder abbestellen. Oder sende uns einfach eine entsprechende E-Mail.

4. Мєн %WinDir%\kernei32.daa , %WinDir%\kernei32.das гэсэн нэртэй файлууд vvсгэнэ.
Эдгээр файлууд нь вирус биш боловч тухайн worm-ын ашигладаг сервер болон хаягуудын
тухай мэдээллийг агуулдаг.
5. Эцэст нь Windows -ын vйлдлийн системийн install болон бусад драйвер фолдеруудад
байгаа бvх файлуудыг устгадаг.

 

{mos_fb_discuss:2} 

 

 

Date: September 27th, 2007 | Categories: Вирус | By: | Comments: 1,915

1,915 Responses to W32.Yarner.A@mm

    Hello! I just wish to offer you a huge thumbs up for your great information you have got here on this post. I am returning to your blog for more soon.

    This page definitely has all of the info I wanted concerning this subject and didn’t know who to ask.

    Hi there this is somewhat of off topic but I was wanting to know if blogs use WYSIWYG editors or if you have to manually code with HTML. I’m starting a blog soon but have no coding know-how so I wanted to get advice from someone with experience. Any help would be enormously appreciated!|

    cialis for women best time to take cialis cialis coupon cvs

    bookmarked!!, I like your web site!

    Good article! We will be linking to this particularly great article on our site. Keep up the good writing.

    We absolutely love your blog and find a lot of your post’s to be exactly I’m looking for. Does one offer guest writers to write content available for you? I wouldn’t mind composing a post or elaborating on a lot of the subjects you write concerning here. Again, awesome site!|

    Aw, this was an exceptionally good post. Taking the time and actual effort to generate a good article… but what can I say… I procrastinate a whole lot and don’t seem to get nearly anything done.

    Everything is very open with a clear description of the challenges. It was truly informative. Your site is very helpful. Thank you for sharing!

    Keep on writing, great job!|

    This website was… how do you say it? Relevant!! Finally I’ve found something which helped me. Cheers.

    cialis commercial cialis prescription cialis dose

    Everyone loves it when people get together and share thoughts. Great website, continue the good work!|

    I like the helpful information you provide in your articles. I will bookmark your weblog and check again here regularly. I am quite sure I will learn many new stuff right here! Best of luck for the next!

    I blog often and I seriously appreciate your information. The article has really peaked my interest. I will book mark your website and keep checking for new details about once a week. I opted in for your Feed too.

    I think this is one of the most vital info for me. And i am glad reading your article. But want to remark on few general things, The website style is ideal, the articles is really excellent : D. Good job, cheers|

    I need to to thank you for this very good read!! I definitely loved every bit of it. I’ve got you saved as a favorite to check out new stuff you postÖ

    meds online without doctor prescription canadian prescription canada pharmacy online reviews

    Remarkable issues here. I am very happy to see your post. Thank you a lot and I am taking a look forward to contact you. Will you kindly drop me a e-mail?|

    Hi! Do you know if they make any plugins to safeguard against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any recommendations?|

    After I originally left a comment I appear to have clicked the -Notify me when new comments are added- checkbox and now whenever a comment is added I receive four emails with the exact same comment. Is there a means you are able to remove me from that service? Kudos!|

    buying drugs canada pharmacy intern generic viagra online pharmacy

    This excellent website truly has all of the information and facts I needed concerning this subject and didnít know who to ask.

    how long for cialis to peak levitra vs cialis 20mg cialis

    Hello there, You have done an incredible job. I’ll definitely digg it and personally suggest to my friends. I’m sure they’ll be benefited from this site.|

    Non-specific Information Far this offshoot
    https://levitrahill.com levitra

    Great article, just what I was looking for.|

    It’s an awesome piece of writing for all the web users; they will obtain benefit from it I am sure.|

    When I originally left a comment I appear to have clicked on the -Notify me when new comments are added- checkbox and from now on each time a comment is added I recieve four emails with the exact same comment. Perhaps there is a means you can remove me from that service? Thanks!

    An interesting discussion is worth comment. I believe that you need to publish more about this topic, it may not be a taboo matter but typically people do not talk about these issues. To the next! Best wishes!!

    My brother suggested I might like this website. He was totally right. This post actually made my day. You can not imagine simply how much time I had spent for this info! Thanks!|

    Hi there everyone, it’s my first go to see at this site, and post is genuinely fruitful designed for me, keep up posting these posts.|

    I was able to find good information from your content.|

    Good day! Do you know if they make any plugins to protect against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?|

    tadalafil) liquid tadalafil for sale what is tadalafil used for

    Pretty! This was a really wonderful post. Thank you for providing this info.

    cialis side effects cialis over the counter does cialis lowers blood pressure

    I got this web page from my pal who told me on the topic of this web site and now this time I am browsing this site and reading very informative articles or reviews at this time.|

    You are so awesome! I do not believe I’ve truly read something like that before. So nice to find someone with a few original thoughts on this subject. Seriously.. thanks for starting this up. This site is one thing that is needed on the internet, someone with a bit of originality!

    For hottest news you have to pay a visit the web and on world-wide-web I found this site as a finest website for most up-to-date updates.|

    Hello there, You’ve performed an excellent job. I’ll certainly digg it and for my part suggest to my friends. I am sure they will be benefited from this site.|

    Greetings! Very helpful advice in this particular post! It’s the little changes that make the largest changes. Many thanks for sharing!|

    There is certainly a great deal to learn about this subject. I like all of the points you made.

    I loved as much as you’ll receive carried out right here. The sketch is attractive, your authored subject matter stylish. nonetheless, you command get got an edginess over that you wish be delivering the following. unwell unquestionably come more formerly again since exactly the same nearly a lot often inside case you shield this hike.|

    Hey! I know this is kinda off topic however I’d figured I’d ask. Would you be interested in exchanging links or maybe guest writing a blog post or vice-versa? My website covers a lot of the same topics as yours and I feel we could greatly benefit from each other. If you happen to be interested feel free to shoot me an email. I look forward to hearing from you! Terrific blog by the way!|

    Ridiculous quest there. What occurred after? Take care!|

    I really like your blog.. very nice colors & theme. Did you create this website yourself or did you hire someone to do it for you? Plz reply as I’m looking to construct my own blog and would like to find out where u got this from. cheers|

Leave a Reply

Message:*

Name:

Email:

Website: