I think i have a Virus :)
Posted 02 July 2003 - 08:59 AM
I opened it, nothing happened. Me drive spun, as per but nothing happened. Btw, i had my Outlook open at the time.
Now, i open outlook to check my e-mails... I send/recieve and get an e-mail from my freind named 'application' same as the one i got form my mums work collegue. With the same file attached 'your_details.zip'.
I scanned with Norton and it picked up nothing (i have 2002 but not with updated definitions as i havent re-newed my subscription). Any ideas what this thing is?!
That actual filename in the .zip file is 'details.pif'.
Posted 02 July 2003 - 09:22 AM
Posted 02 July 2003 - 09:27 AM
C-Girl, on Jul 2 2003, 04:24 PM, said:
Spreading in e-mails
The worm spreads itself in e-mails. The infected message is composed by the worm from different, randomly selected subjects, a fixed message body and different, randomly selected attachment names. The worm's file is sent inside a ZIP archive attached to an infected message.
The worm has the following subjects hardcoded in its body:
Re: Re: Document
Re: Re: Application ref. 003644
Re: Submited (Ref: 003746)
The worm has the following attachment names hardcoded in its body. The worm's executable file name that is sent in an archive is given in brackets:
However, so far we only saw messages with the following characteristics:
Please see the attached zip file for details.
The attachment contains the worm's file with DETAILS.PIF name. The fact that the worm uses only 2 subjects and 1 attachment name indicates that the randomizing routine of the worm has a bug.
Here's a screeshot of an infected message sent by the worm:
Posted 02 July 2003 - 09:32 AM
Symantec does have a removal tol you can download...
Posted 02 July 2003 - 04:42 PM
HandyBuddy, on Jul 2 2003, 06:24 PM, said:
EDIT: Whoops! Just read flash's post. He mentionted it.
Why exactly would someone want to make a virus that stops spreading on July 12th? People can just advance their clocks...Can't they?