Wurm im Windows (.NET) Messenger

10.10.2002, 11:21
Avatar Robert

Beiträge: 2283
#1 Kaspersky hat einen neuen Wurm entdeckt, der sich über den Windows (.NET) Messenger (Bestandteil von Windows XP) verbreitet und die CD-Keys von Counter-Strike und Half Life stiehlt.

The Fleming Internet worm is a 32-bit Windows application (.exe file)
with a size of 53,248 bytes and written in Visual Basic. The worm
spreads via the Windows (.NET) Messenger Internet chat program that is
built into Windows XP. The worm circulates a message written in English
that proposes recipients download a program supposedly developed by the
message's author. Message text is as follows:

"Hey!! Could you please check out this program for me? ;) I made it
myself and want people to test it. Its a readme with the program that
explains what it does! http://home.no.net/downl0ad/BR2002.exe"

The Internet address appearing in the message
(http://home.no.net/downl0ad/BR2002.exe) contains a copy of the worm.

Fleming does not install itself into the system and is triggered into
action only if users launch its code (for example, double-clicking on
the program icon in Windows Explorer). When launched, Fleming attempts
to download two files from the Internet site
"http://home.no.net/downl0ad/". The names and save locations of these
two files are:


Next the worm connects with Windows (.NET) Messenger and waits for
incoming messages. When it receives several messages from the user
"styggefolk@hotmail.com", Fleming sends out a reply containing
registration information (CD-Keys) from Counter-Strike and Half-Life.

Fleming also finds the Windows (.NET) Messenger contact list and sends its
message to each entry.

According to Kaspersky Labs, at this time, the Internet resource
"http://home.no.net/downl0ad/BR2002.exe" is locked.

powered by http://different-thinking.de - Netze, Protokolle, Sicherheit, ...
Seitenanfang Seitenende