Loading ...
Sorry, an error occurred while loading the content.

Fw: Virus Info : W32/Duni-A

Expand Messages
  • Muhammad Mansoor
    Hotmail users have been seen complaining about some unknow emails in their inbox. Please read the full email to get updated on this issue. If you have any mail
    Message 1 of 1 , Aug 1, 2002
    • 0 Attachment
       
       

      Hotmail users have been seen complaining about some unknow emails in their inbox. Please read the full email to get updated on this issue. If you have any mail that resembels the details given below please do not hesitate and delete it immediately. Uppdate the latest virus definations to get protected.

       
      Regards
      Muhammad Mansoor

       

      W32/Duni-A

      Aliases
      W32.Duni.Worm, I-Worm.Duni, W32/Dadinu
      Type
      Win32 worm
      Detection
      A virus identity file (IDE) file which provides protection is available now from the Latest virus identities section, and is incorporated into the August 2002 (3.60) release of Sophos Anti-Virus.

      Sophos has received several reports of this worm from the wild.

      Description

      W32/Duni-A is an email worm which uses a wide range of subject lines and
      attachment names. The subject line is chosen from:

      Esta si que es zorra!!!
      Fotos de asesinatos, Jack el Destripador, Charles Manson, y muchos mas para decorar tu escritorio.
      Yeahhh Mutha Facka... NY Brookling in your NET.
      Genera passwords para poder entrar a las webs mas putonas de la red, y gratis, incluso podras bajar peliculas porno.
      Para los verdaderos amigos...
      Test de amor.
      30 pregutas para saber si tu pareja te enga
      !La imagen de cristo en un bosque.
      mira como seria un mundial en la antigua mesopotamia.
      Fotos de Cristo para decorar tu escritorio.
      Te han enviado una postal.
      Te acuerdas de mi?
      Asi se hace el amor...
      Asi me gusta a mi...
      Esto doleria mucho, mucho :-).
      Si esto no me lo regresas me sentire mal.
      La vida despues de la muerte.
      Me cambie de correo, aver si ahora me escribes...
      Leelo y reenvialo a quienes mas amas.
      Cancion de amor, para ti.
      Paulina Rubio y su zorrita cosmica...
      No todo lo que uno lea sobre el servicio de webmail de Microsoft es cierto.
      !Ver el listado de falsas alarmas.
      !ja, la han cagado con este video.
      Bin Laden DT de la seleccion de arabia...
      Bin Laden nuevo goliador de Arabia saudita , jaaaaaaa.
      Bin Laden presidente de la FIFA.
      Dime que te parece esta animacion.
      Una broma para las secretarias, ja ja.
      Test para secretarias, para saber que tan tontas son.
      41 preguntas para saber si alguien es sicopata.
      mira esto es mas ordinario que gato con hanta, juaaaaaaaaaaaa.
      listado de ultimas mentiras que circulan por los mails.
      Last hoaxes list.
      como te gustarian este par de tetitas.
      Leelo y reenvialo a quienes mas amas.
      mira esto es mas ordinario que gato con hanta, juaaaaaaaaaaaa.
      listado de ultimas mentiras que circulan por los mails.
      Bin Laden killing muthaFaka bill gates.

      and the attachment name from:

      zorrita.cpl
      jack.cpl
      sickofitall.cpl
      analpasswords.cpl
      poema_angelical.cpl
      testdeamor.cpl
      Adulterio_en_tus_narices.cpl
      Cristo.cpl
      mundial.cpl
      cristo2002.cpl
      postal_de_mi_alma.cpl
      estesoyyo.cpl
      milposiciones.cpl
      como_como.cpl
      por_ahi_noooooo.cpl
      lomasimportante.cpl
      vidaymuerte.cpl
      siemprevivir@...
      milvidas.cpl
      comoolvidarte.cpl
      paulinasex.cpl
      mentiras_en_hotmail.cpl
      listado_de_hoaxes.cpl
      zapato_en_el_culo.cpl
      binladenDT.cpl
      gooooooool.cpl
      Fifaladen.cpl
      secretarias.cpl
      test_secretontas.cpl
      sere_yo_uno_de_esos.cpl
      scarycrai.cpl
      mentiras_mails.cpl
      mcaffehoaxlist.cpl
      tetris2002.cpl
      zandias_meloones.cpl
      quien_como_tu.cpl
      portymore.cpl
      listado_de_porquerias.cpl
      billgatesscream.cpl

      The worm finds addresses to send itself to in the user's MSN Messenger contact list using the server mail.hotmail.com.

      W32/Duni-A also attempts to use the KaZaA peer-to-peer network to spread. The worm copies itself to the user's KaZaA download area using one of the following filenames:

      DivResidentEvil.ZIP.cpl
      SpidermanDesktop.cpl
      Porno_sTar.cpl
      AXEbahia.cpl
      NuevosVideosProfesorRossa.cpl
      NewVideo_Blink182.cpl
      LagWagon&Blink182.cpl
      Hacking.cpl
      AllMcAfeeCrack.Cpl
      Britney_spearsVSDavidBeckham_AnalPasions.cpl
      JamieThomasVSrodneyMullen.cpl
      MariguanaDesktop.cpl
      AgeOfEmpires2_Crack.cpl
      Mames.Zip.cpl
      terminator2.cpl
      BinladenFuckinBillGates.cpl
      AnalPasswords.cpl
      ElvisDesktop.cpl
      AVP_Spanish.cpl
      ZoneAlarmCrack.cpl
      HardXCore.cpl
      PhotoShop6.xCrack.cpl
      BioHazard.cpl
      VisualBasic.Net.cpl
      Zidane.Taliban.cpl
      VideoPortoSeguro.cpl
      sexo_en_la_calle.cpl
      sexo_anal_full_video.cpl
      sexo_oriental_full_video.cpl
      muertes_videos.cpl

      When the worm is run it will create copies of itself in the root folder and the Windows folder. These copies will have a name consisting of a random number and the extension .CPL. The worm then adds the following registry entry so that the copy in the Windows folder is run each time Windows is started:

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run

      W32/Duni-A attempts to interfere with anti-virus software by deleting the files C:\archiv~1\perav\pav.dll, C:\archiv~1\perav\per.dll, C:\program files\perav\pav.dll and C:\program files\perav\per.dll and the files PAV.EXE, \bases\avp.set, \system\vshield.vxd, \system32\vshield.vxd and \vshield.vxd from the Windows folder.

      It also modifies the following registry entries:

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Pav.exe
      HKLM\Software\KasperskyLab\SharedFiles\Folder.

       
    Your message has been successfully submitted and would be delivered to recipients shortly.