[grrltalk] RE: [techtalk] heads-up: M$ (e-mail) virus making rounds.

Darren darren at osadchuk.org
Thu May 4 18:43:31 EST 2000


On Thu, 4 May 2000, Stephanie Alarcon wrote:

>This is possibly a stupid question, but
>http://www.drsolomons.com/home/vbslove.htm talks about this:
>
>------------------------------------------
>This worm also has another trick up it's sleeve in that it tries to
>download
>and install an executable file called
>WIN-BUGSFIX.EXE from the Internet. This exe file is a password stealing
>program
>that will email any cached passwords
>to the mail address MAILME at SUPER.NET.PH
>------------------------------------------
>
>Is that "win- bugfix" thing as new as the virus or has it been around for
>a while?  
>Did a couple searches and came up empty-handed.

Reports indicate that it's as new as the virus. There are four URLs on two
domains that MSIE might try to download it from. Both sites are located in
the Phillipines -- I'm not sure if this is why people think it originated
there, or if this is corroborating evidence for that.

Apparently, after it downloads the program, it changes the MSIE start page
to 'about:blank' to cover its tracks and modifies the registry so that the
bugfix.exe program starts when Windows starts. I haven't yet read anything
that says what bugfix.exe actually does, though.


-- 
darren at osadchuk.org                       http://www.osadchuk.org
         "Funny thing about outside: it's just like TV."







More information about the Techtalk mailing list