Saltar al contenido principal

Virus Alert: I-Worm.Updater

7 de diciembre de 2001

Kaspersky Labs reports the detection of the latest Internet worm, I-Worm.Updater. This virus was reported last week. Updater is written in Visual Basic Script, and the worm itself is an EXE file about 12Kb in length, compressed in a UPX utility. The worm spreads via e-mail by gaining access to the...

Kaspersky Lab reports the detection of the latest Internet worm, I-Worm.Updater. This virus was reported last week.

Updater is written in Visual Basic Script, and the worm itself is an EXE file about 12Kb in length, compressed in a UPX utility.

The worm spreads via e-mail by gaining access to the Outlook address book. The worm, unbeknownst to a user, sends infected messages to all addresses found in Outlook.

Several message sections contain varying features.

The Subject line consists of one part taken from four sections, and is randomly selected from the following:

Section 1: "Have you ", "You Should ", "Just ", "Why Not you ", "How to ", "Re: ", "Fwd : ", " "
Section 2: "Check ", "Check out ", "Watch out ", "Open ", "Look at "
Section 3: "this ", "my ", "For this ", "The "
Section 4: "Picture", "Program", "Patch", "Nude pic", "Report", "Documment", "Quotation", "Transaction", "Bank Account", "WTC Tragedy", "Osama Vs Bush", "Account", "Private Pic"

For example: You Should (section 1) Look at (section 2) this (section 3) Osama Vs Bush (section 4)

Body:

Hi:
This is the file you ask for, Please save it to disk and open this file, it's very important.

The worm's file attachment can be named one of the following:

"Setup.EXE", "install.exe", "Readme.exe", "Files.exe", "Picture.exe", "Quotation.Doc.exe", "Letter.Doc.exe", "Picture.jpg.exe"

Updater has some troublesome side effects. The worm creates a malicious script progrm, UPDATE.VBS, copies the program to the Windows autoloading catalogue, and releases it upon completion. This program searches for files with .EXE, .DOC, and .VBS extentions on disks, and creates a file companion for them containing the worm's copy. These file companions have the same names as the original files, plus a "second" .VBS extension. For example:

MPLAYER.EXE.vbs
REPORT.DOC.vbs

For a more detailed description of I-Worm.Updater, click here.

Defense procedures thwarting the Updater Internet worm have already been added to the latest Kaspersky Anti-Virus database update.

Virus Alert: I-Worm.Updater

Kaspersky Labs reports the detection of the latest Internet worm, I-Worm.Updater. This virus was reported last week. Updater is written in Visual Basic Script, and the worm itself is an EXE file about 12Kb in length, compressed in a UPX utility. The worm spreads via e-mail by gaining access to the...
Kaspersky logo

Sobre Kaspersky

Kaspersky es una empresa de ciberseguridad y privacidad digital global fundada en 1997. Con más de mil millones de dispositivos protegidos hasta la fecha contra amenazas cibernéticas emergentes y ataques selectivos, la profunda inteligencia de amenazas y la experiencia en seguridad de Kaspersky se transforman constantemente en soluciones y servicios innovadores para proteger a personas, negocios, infraestructuras críticas y autoridades gubernamentales en todo el mundo. La cartera de seguridad integral de la empresa incluye protección digital líder para dispositivos personales, productos y servicios de seguridad especializados para empresas, así como soluciones de ciberinmunidad para combatir amenazas digitales sofisticadas y en evolución. Ayudamos a millones de personas y a casi 200 000 clientes corporativos a proteger lo que más les importa. Más información en www.kaspersky.com.

Artículo relacionado Comunicados de prensa