[grrltalk] RE: [techtalk] heads-up: M$ (e-mail) virus making
rounds.
Darren
darren at osadchuk.org
Thu May 4 18:43:31 EST 2000
On Thu, 4 May 2000, Stephanie Alarcon wrote:
>This is possibly a stupid question, but
>http://www.drsolomons.com/home/vbslove.htm talks about this:
>
>------------------------------------------
>This worm also has another trick up it's sleeve in that it tries to
>download
>and install an executable file called
>WIN-BUGSFIX.EXE from the Internet. This exe file is a password stealing
>program
>that will email any cached passwords
>to the mail address MAILME at SUPER.NET.PH
>------------------------------------------
>
>Is that "win- bugfix" thing as new as the virus or has it been around for
>a while?
>Did a couple searches and came up empty-handed.
Reports indicate that it's as new as the virus. There are four URLs on two
domains that MSIE might try to download it from. Both sites are located in
the Phillipines -- I'm not sure if this is why people think it originated
there, or if this is corroborating evidence for that.
Apparently, after it downloads the program, it changes the MSIE start page
to 'about:blank' to cover its tracks and modifies the registry so that the
bugfix.exe program starts when Windows starts. I haven't yet read anything
that says what bugfix.exe actually does, though.
--
darren at osadchuk.org http://www.osadchuk.org
"Funny thing about outside: it's just like TV."
More information about the Techtalk
mailing list