According to Computer Associates:
Win32.Nimda.B worm (also known as W32/Nimda.B@MM)
Win32.Nimda.B is similar in function to the original Win32.Nimda.A worm.
Win32.Nimda.B differs from the original in the following manner:
- It is packed (with an EXE packer called PCShrink)
- The attachment filename in the EML files and emails has been changed from "readme.exe" to "puta!!.scr"
- The filename it opens from infected HTML file has been changed from "readme.eml" to "puta!!.eml"
- The filename it copies to the Windows System directory has been changed from "load.exe" to "puta.scr", as well as the corresponding change to the shell= line in SYSTEM.INI.
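The renamed files and the shell= change listed above can be turned into a simple host check. The following is an added example, not code from Computer Associates or from this page: it reads the shell= line from the [boot] section of SYSTEM.INI and matches filenames against the names given above. The function names, sample INI text and sample paths are constructed for illustration.

```python
import ntpath

# Filenames taken from the description above (A = original, B = variant).
SYSTEM_DIR_COPIES = {"load.exe": "Nimda.A", "puta.scr": "Nimda.B"}
DROPPED_FILES = {
    "readme.exe": "Nimda.A", "readme.eml": "Nimda.A",
    "puta!!.scr": "Nimda.B", "puta!!.eml": "Nimda.B",
}

def boot_shell(system_ini_text):
    """Return the shell= value from the [boot] section, or None if absent."""
    section = None
    for raw in system_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and INI comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "boot" and key.strip().lower() == "shell":
            return value.strip()
    return None

def shell_findings(system_ini_text):
    """List (filename, variant) for worm copies named on the shell= line."""
    value = boot_shell(system_ini_text) or ""
    hits = []
    for token in value.split():
        name = ntpath.basename(token).lower()
        if name in SYSTEM_DIR_COPIES:
            hits.append((name, SYSTEM_DIR_COPIES[name]))
    return hits

def file_findings(paths):
    """List (path, variant) for paths whose filename matches a listed name."""
    known = {**SYSTEM_DIR_COPIES, **DROPPED_FILES}
    return [(p, known[ntpath.basename(p).lower()])
            for p in paths if ntpath.basename(p).lower() in known]

# Constructed samples, not captured from a real host.
CLEAN_INI = "[boot]\nshell=Explorer.exe\n[386Enh]\ndevice=*vmm\n"
INFECTED_INI = "; constructed\n[boot]\nshell=explorer.exe puta.scr\n"
SAMPLE_PATHS = [r"C:\WINDOWS\SYSTEM\puta.scr", r"C:\inetpub\wwwroot\index.html",
                r"C:\inetpub\wwwroot\puta!!.eml"]

if __name__ == "__main__":
    print(shell_findings(CLEAN_INI))
    print(shell_findings(INFECTED_INI))
    print(file_findings(SAMPLE_PATHS))
```

Names such as "readme.exe" are common on clean systems, so a filename match alone is a lead to investigate; a worm copy named on the shell= line is the stronger signal.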
Win32.Nimda.C worm (also known as W32/Nimda.C@MM)
Nimda.C is a compressed version of the original Nimda.A worm. It is functionally identical to Nimda.A.
At the time of writing, Computer Associates had not received any reports of this worm from its customers, but are posting this description in response to customer interest.
These viruses can be viewed in their entirety at the Computer Associates Virus Encyclopedia.
|
"I send you this article in order to give you advice:
SirCam, the annoying e-mail worm that simply won't go away, will turn feral Oct. 16.
According to analysis of SirCam's code, every year on Oct. 16 the worm will delete all the files and folders contained on the hard drives of randomly selected SirCam-infected computers."
"the worm's nasty little game of chance next Tuesday, when SirCam will begin deliberately selecting victims for mass file deletion from among all infected computers whose "Date/Time" system settings use the "Day/Month/Year" format. It will not activate on computers that use the "Month/Day/Year" format."
If you would like to read the full article, visit http://www.wired.com/news/technology/0,1282,47476,00.html