08/05-03
-
Pressmeddelande
Ny mask med hög spridningshastighet
Eurotrust Sweden AB/Virus112 A/S har den 07/05-03, konstaterat en ny mask med stor spridningshastighet.
W32.cyberkickin.worm sprider sig via e-mail och p2p nätverk och deaktiverar flera processer i antivirusprogrammen.
Masken upprättar sin egen SMTP server samt en lista av fördefinierade SMTP relays. Masken aktiveras via exe-filer.
Virusnamn: W32.Cyberkickin.worm
Beskrivelse
W32.Cyberkickin.worm, är en internet orm, som sprider sig via e-mail,P2P och IRC. Ormen är skriven i Visual C och packat med UPX (Ultimate Packer for eXecutables).. Ormen är även känd som: W32/Kickin@MM.
Vad gör den?
Om ormen aktiveras kommer den att kopiera ner sig till roten på den infekterade hosten som kicking.exe. Efter detta kommer den även att kopiera nera sig till Windows katalogen som cyberwolf.exe (Som är gömd samt read-only). Ormen kopiera sig själv in i windows systemmappen, som kernel32.exe (Även denne är gömd samt read-only).
Ormen droppar även följande filer till windows systemmappen: Magical-screensaver.scr Saddam-the real pics.scr SARS-Guide.scr Last Summer.scr mapi32.drv format.com MsnMsgs.exe Setup.exe Christina Aguilera-The most beautiful girl on earth.scr Soccer Database.exe OutWar Demo.exe Love.scr Hotmail Hacker.exe FixSql.com Q30215HOTFIX.pif Api Hooking-Tutorial.exe
Ormen gör även en ändring i registreringsdatabasen så att ormen blir aktiverad efter en omstart av systemet. Detta sker via följande run-as värde:
HKLMSoftwareMicrosoftCurrentVersion
unCyberwolf="%windir%/cyberwolf.exe
HKLMSoftwareMicrosoftCurrentVersion
unCyberwolf="%winsystem%/kernel32.exe
Ormen ändrar även i registrydatabasen så att kernel32.exe (Ormen) körs varje gång man öppnaren fil av typ .exe
(HKCRexefileshellopencommand]="%winsysdir%Kernel32.exe"%1"%*")
W32.Cyberkicking.worm sänder sig själv vidare via e-mail. Adresserna finner ormen genom att söka samt gå igenom WAB (Windows Address Book), MSN, ICQ, samt filtyperna .html, .htm och .eml som befinner sig på den infekterade maskinen. W32.Cyberkicking.worm innehåller sin egen SMTP server samt en lista över fördefinierade SMTP relays. W32.Cyberkicking.worm skickar mails med följande innehåll
Från:
Webmaster@planet-source-code.com
Ämne:
Api Hooking Tutorial...
Body:
Did you wanted to learn how to api hook?
Here your chance!This tutorial explains all the basics AND moderate Api Hookings Starting by hooking Registry Keys,Till hiding files from view in Windows Explorer After reading this tut you can even start Windows RootKit Programming but ofcourse thats up to you to decide...
The Tutorial attached in this e-mail is for privat use only and may never be distributed under any curcumstances
Provided to you by: Webmaster
and www.planet-source-code.com
Attatchment:
Api Hooking-Tutorial.exe
Från:
Support@microsoft.com
Ämne:
Windows Hotfix!
Body:
Attached is the HotFix for several bugs in Windows Operating Systems. The following Windows versions are vulnerable: Windows Xp home and Pro edition (with/without SP1) Windows ME,2000 and NT Home and Pro Edition(With/without SP) Windows 98 Home,Pro and Special Edition(With/without SP) The following Windows Operating Systems are not vulnerable: Windows 95(All editions With or Without Sp Microsoft IIS(all versions)
If your Operating System is one of the vulnerable systems listed above then Microsoft Corp. recommends you to install this HotFix If you for some reason didn’t install this hotfix,then your pc will be vulnerable to this bugs allowing an attacker to Remote Control your pc,or beeing infected with the infamous SqlSlammer. Because this is an critical bug,Microsoft Corp. has send this HotFix to all of his customors who use one of the OS’s.
For more information about this bug or about Microsoft Corp.,please visit www.microsoft.com Presented to you by:Microsoft HelpDesk
Vedhæftet:
Q30215HOTFIX.pif
Från:
Lovergirl@yahoo.com
Ämne:
Fwd:Fwd:Fwd:Watch out for SARS!
Body:
---ORIGINAL MESSAGE BODY---
FROM:
DATE: Tuesday, May 06, 2003 11:37:31
TO:
SUBJECT: Fwd:Watch out for SARS!
FROM:
DATE: Tuesday, May 06, 2003 11:37:31
TO:
SUBJECT: Fwd:FwdWatch out for SARS!
FROM:
DATE: Tuesday, May 06, 2003 11:37:31
TO:
SUBJECT: Fwd:Fwd:Fwd:Watch out for SARS!
SARS aka Severe Acute Respiration Syndrome is infecting more and more people every day Soon it will get to USA,Europe,Asia,Africa and Australia if we don’t do something Thats why we started this chain letter with a single attachment Our mission is to make all people aware of the disease and to give them a handy guide on how to protect themselves The
attachment(SARS-Guide) is a guide (like the name says;)) with instructions for avoiding infection and what to do when infected Ofcourse we cannot send this Guide to all people,thats why the WHO(World Health Organisation) has made a deal with WISI(World Internet Statistic Institute):For mail FORWARD of this email WITH the Guide,0.50US$ will be transfered to the WHO bank account They will use this money to make a vaccin for the SARS Virus,and thus help mankind If you want to participate to this project,and thus help man kind,you should FORWARD this email to at least 1 person with this Guide Attached Thas all you’ll have to do Do,’t forget!Every FORWARD is 0.50US$ more for the vaccin,a vaccin is very expensive,so forward it if you want to participate in helping mankind!
For more information contact:
Dick Thompson - Communication Officer
Communicable Disease Prevention, Control and Eradication WHO, Geneva
Telephone: (+41 22) 791 26 84
Email: thompsond@who.int
Attatchment:
SARS-Guide.scr
Från:
nice_girl21@hotmail.com
Ämne:
Fwd:How to protect yourself against SARS
Body:
ORIGINAL MESSAGE BODY:
FROM:
DATE: Tuesday, May 06, 2003 11:37:31
TO:
SUBJECT: Fwd:How to protect yourself against SARS
SARS aka. Severe Acute Respiratory Syndrome is a worldwide health threat. It was first discovered in China But now,it has become a very big thread to all people in this world If no vaccin is found,soon more then 500.000 people will be infected with it This vaccin is not yet made,so within this time the ONLY protection humans have is prevention of infection
Thats why we of HealthCare launched a project in which we will send newsletters with information about SARS and with prevention rules. Symptoms:High Fever(>38-C) AND one or more respiratory symptoms including cough, shortness of breath, difficulty breathing Also be aware of the following:close contact with a person who has been diagnosed with SARS AND a recent history of travel to areas reporting cases of SARS In addition to fever and respiratory symptoms, SARS may be associated with other symptoms including: headache, muscular stiffness, loss of appetite, malaise, confusion, rash, and diarrhea. Until more is known about the cause of these outbreaks, WHO (World Health Organization) recommends that all people read the attached instructions of howto prevent beeing infected with SARS and what to do when infection has occurred For more information contact: Dick Thompson - Communication Officer Communicable Disease Prevention, Control and Eradication WHO, Geneva
Telephone: (+41 22) 791 26 84
Email: thompsond@who.int
Attatchment:
SARS-Guide.scr
Från:
webmaster@screensavers.com
Ämne:
Saddam alive and kickin’
Body:
The whole world wants to know it,is saddam a live,or death? Well somedays a go the britisch took secret spy cam pics,and luckely someone has uploaded this pics to the internet,and now their avaible! You won’t believe what you see!its amazing!!!The spy cam was hidden inside a tower in Bagdad and it took pics from saddam and his sons,they our 250m beneath the ground! Check out the pics i attached,you won’t believe what you see!
Vedhæftet:
Saddam-the real pics.scr
Fra:
SecurityResponse@symantec.com
Emne:
Warning from Symantec.com
Innhold:
5/4/2003 A NEW INTERNET WORM HAS BEEN FOUND IN THE WILD
A new very dangerous internet worm has been found in the wild.This worms goes under the name W32.SqlSlammer.C@mm and has the possibility to spread by several ports on your pc(139,25,445,446,10252). It will infect you without your knowlegde because it uses the Sql Buffer Overflow exploit.Because of this its very hard for Av companies and Microsoft to contain this thread.Thats why we decided to protect our customors by sending then SqlFix and thus protecting them from infection. After installation the fix will determine if the SqlSlammer.C has infected your pc and clean it.If it didn’t infect it then it will make sure it will never infect you by closing the bug in your OS. Simply run the attached fix and wait for the dialog to prompt,select the feature and wait till its finished. Sincerely, Symantec Security Response Team Symantec Corporation
Attatchment:
FixSql.com
Från:
Admin@hackers.com
Ämne:
u wanted to hack?
Body:
hi there,so you wanted to hack your friends hotmail account huh,well use this xss-exploit tool to find his password within 3 minutes!! Simply open it and enter your victims email ID and select
This will also work on Yahoo and Icq accounts
Admin@hackers.com
Från:
Lovergirl963@hotmail.com
Ämne:
Do you remember last summer?
Body:
hi
Do you remember we met last summer?
We became very good friends at the end huh!
Well i looked a bit over internet and i encountered your Email,so i thought why not send him the pics from last summer I’ve attached them in this email,there in ScreenSaver format,pls reply to me if you liked them See you soon again xxx Love ya...
Attatchment:
Last Summer.scr
Från:
Lovergirl33@hotmail.com
Ämne:
Fwd:Fwd:Fwd:Sit back and be surprised...
Body:
ORIGINAL MESSAGE BODY:
FROM:
DATE: Tuesday, May 06, 2003 13:37:31
TO:
SUBJECT: Fwd:Fwd:Sit back and be surprised...
Magic in CyberSpace,its almost unbelievable!
1)Pick 3 numbers and write them down on a paper. 2)Add one of the following values to the 3 numbers:Love,Friendship and Sex.Write these values next to the number 3)Pick 1 additional number and say it out loud 5 times 4)Now the sticky part:Choose 3 names of girls/boys who you like and write them below on that paper. 5)Now open the Magical screensaver i attached,wrap the paper in your left hand and close your eyes until you here the beep. 6)Open your eyes again and look at the screen.What the screensaver displayed will be personal,so you’ll have to be alone in your room.Everything the screensaver displays will come tru within the next 2 months,Only the Sex part will come tru when your above 16. You don’t have to forward this email but then your friends won’t get the chance to make their dreams come tru,So if you want your friends to be happe,simply mail them the magic...
Be aware!No cheating allowed,Once you have written those names and values on your paper you cannot chance them!!!
Attatchment:
Magical-Screensaver.scr
Från:
Admin@screensavers.com
Ämne:
The Magical screensaver
Body:
Check out this magic screensaver.Its pure magic!!!
Follow these steps for the magic:
1)Pick 3 numbers and write them down on a paper. 2)Add one of the following values to the 3 numbers:Love,Friendship and Sex.Write these values next to the number 3)Pick 1 additional number and say it out loud 5 times 4)Now the sticky part:Choose 3 names of girls/boys who you like and write them below on that paper. 5)Now open the Magical screensaver i attached,wrap the paper in your left hand and close your eyes until you here the beep. 6)Open your eyes again and look at the screen.What the screensaver displayed will be personal,so you’ll have to be alone in your room.Everything the screensaver displays will come tru within the next 2 months,Only the Sex part will come tru when your above 16. Presented by Admin@screensavers.com
Attatchment:
Magical-Screensaver.scr
Från:
Webmaster@Loveforlife.com
Ämne:
Feel the reason why we fall in love...
Body:
It takes One minute to find someone special
One hour to like someone
1 Day to fall in love with someone
But it takes a lifetime to forget someone.
If you have ever been in love then you’ll know about what i am talking. If you wanne have that same old feeling then open the lovescreensaver and realise why we fall in love all the time...
Attatchment:
Love.scr
Från:
Webmaster@Outwar.com
Ämne:
Outwar is proud to present you:Outwar InterActive
Body:
After beeing succesfull for quit some years now and having more then 20000 clients,it was time for something new. Thats why we decided to take our OutWar into the game market and developed OurWar InterActive This game will be in shops late summer and will cost about 36$. It will be avaible across the Usa,Europe,Australia and Asia. Our release for Africa is scheduled early 2004.
Because this will mean a lot of waiting,we developed the first Official OutWar Int. Demo! The attached file contains Installation Packet for the downloader. Install it and download the game from our Private FTP servers,and then enjoy it on your home pc!. Sincerely yours Webmaster@outwar.com
Attatchment:
OutWar Demo.exe
Från:
Soccerfan@yahoo.com
Ämne:
Fwd:Fwd:Fwd:Soccer...
Body:
Ever wanted to see the best goals,the most beautiful freekicks etc.with just 2 clicks with your mouse? Ever wanted to acces the largest Soccer Database on the internet where all goals from more then 25 international competitions from the past 15 years are stored? Here is your chance,this program has instant acces it,so you can enjoy how Diego Maradonna scored ,or how Johan Cruyff curled that ball into the goal...Enjoy! The database contains goals from countries like:Spain,Italy,France,Germany,England,Belgium,The
Netherlands,Sweden,Finland and much more
Also forward this to all football fans you know so they can enjoy this to.
Attatchment:
Soccer Database.exe
Från:
Webmaster@beautifulgirls
Ämne:
Christina Aguilera:The most beautiful girl on earth
Body:
Don’t you think Christina Aguilera is the most beautiful girl on earth? She is soo nice!!! That clip was amazing... If you wanne see some hidden pics of that videoclip then check out this screensaver Its nice...Very nice,if you get what i mean ;) Webmaster@beautifulgirls.com
Attatchment:
Christina Aguilera-The most beautiful girl on earth.scr
Från:
Admin@jokes.com
Ämne:
The Virtual Joke...
Body:
Have you seen it yet?
You should because its soooooo funny,i wish the real jokes where that funny :) Check out the attached screensaver and enjoy the pleasure of laughing...
Attatchment:
Virtual Joke.scr
Från:
flipbabe@hotmail.com
Body:
Fwd:Fwd:Whats really happening in bagdad
Innhold:
ORIGINAL MESSAGE BODY:
FROM:
DATE: Tuesday, May 06, 2003 13:37:31
TO:
SUBJECT: Fwd:Whats really happening in bagdad
Someone of the britisch army has made some Secret Spy Cam pics,and uploaded it to the internet!! The pics show you exactly whats reall happened in Irak!Its really not what you’ve seen on tv! Check out the attached file and forward this to as much friends so that they can all see what has really happened in Irak. FlipBabe xxx Attatchment Saddam-the real pics.scr
Från:
mailinglist@Msn.com
Ämne
Get the new Msn 5.1!
Body:
Tired of the little nicknames in Msn,tired of all the limits? Well we’ve got news for you,Msn 5.1 is the newest and best msn messenger ever! It allows nicknames up to 500 characters and has many new functions who will make your cyberlife easyier and better! Msn Messenger 5.1 is avaible for following Operating Systems: Windows Xp Windows ME and 2000 Windows 98 and NT Is not avaible for:Windows 95
This version of msn messenger supports also Api’s in Windows Xp so you can make your own addons. To download Msn Messenger 5.1 install the attached Root Setup. WARNING:MSN MESSENGER IS NOT AVAIBLE FOR DOWNLOAD AT OUR WEBSITE DUE TO JURIDICAL RESTRICTIONS,IF YOU WANT IT YOU’LL HAVE TO INSTALL THE ROOT SETUP. If you don’t want to install it then you’ll have to wait for another 5 weeks because of the juridical restricions. Please do not forward this email.Every user who has Msn Messenger installed will receive this email sooner or later,so its up to them to decide to use the new version of not Sincerely yours: The Msn Messenger Team The Hotmail Team
Attatchment:
MsnMsgs.exe
Ormen skapar även flera filer i klartext på hårddisken som blir namngivna Cyberwolf. Dessa textfiler innehåller ett besked från ormens författare. Dessutom skickar ormen ett besked till flera utvalda antivirus leverantörer, från den infekterade maskinen. Beskedet innehåller följande text: “mmm...if you received this mail,then someone has been infected with W32.CyberWolf.B@mm => a new massmailer worm. For every infection this worm does,you’ll receive an email like this. It has never been my intention to cause your mailbox any harm,nor mailbomb it. Its just so that you can have a quite accurate view on how many infections..because most of the times,Av companies are miles away from the real number...". Ormen öppnar med gömda browsers och pekat tillfälligt på följande sidor www.brain-hack.com www.christinaaguilera www.indiansnakes.cjb.net ´ Ormen stoppar följande processer:
NETSERVICES
COMMAND
SYSHELP
RAVMOND
WINRPC
WINHELP
WINGATE
NPROTECT
CLEANER
WINDRIVER
TASKMGR
MSCONFIG
REGEDIT
ANTI-TROJAN
BLACKICE
ZONEALARM
LOCKDOWNADVANCED
NVC95
FP-WIN
IOMON98
PCCWIN98
F-PROT
F-STOPW
IAMSERV.EXE
NAVWNT
NAVRUNR
NAVLU32
NAVAPSVC
VSMON.EXE
SYMPROXYSVC
RESCUE32
NISSERV
VSECOMR
VETTRAY
TDS2-NT
CCAPP.EXE
SCAN32
PCFWALLICON
NSCHED32
SPHINX.EXE
FRW.EXE
MCAFEE
ATRACK
PVIEW.EXE
LUCOMSERVER
LUALL.EXE
NMAIN.EXE
NAVW32
NAVAPW32
VSSTAT
VSHWIN32
AVSYNMGR
AVCONSOL
WEBTRAP
POP3TRAP
PCCMAIN
PCCIOMON
ESAFE.EXE
AVPM.EXE
AVPCC.EXE
AMON.EXE
ALERTSVC
ZAPRO.EXE
AVP32
LOCKDOWN2000
AVP.EXE
CFINET32
CFINET
ICMON
SAFEWEB
WEBSCANX
IAMAPP
Orm tillåter inte att följande program körs.
Norton AntiVirus
LiveUpdate
System Configuration Utility
Process Viewer
Registry-Editor
Windows Task Manager
W32.CyberKickin.worm, kan också sprida sig via P2P nätverk, såsom KaZaa och Bearshare
English version:
Virusnamn: W32.Cyberkickin.worm
Description
W32.Cyberkickin.worm, is a internet work, that spreads through email, P2P and IRC. The worm is written in Visual C and packed with UPX (Ultimate Packer for executables). The worm is also known as: W32/Kickin@MM.
What does it do?
If the worm is activated it will copy itself to the root on the infected computer as kicking.exe. It will also copy itself into windows directory as cyberwolf.exe (Hidden and Read-only). The worm will also copy itself into windows systemfolder as kernel32.exe (Hidden and Read-only).
The worm will also create the following files in the windows system folder. Magical-screensaver.scr Saddam-the real pics.scr SARS-Guide.scr Last Summer.scr mapi32.drv format.com MsnMsgs.exe Setup.exe Christina Aguilera-The most beautiful girl on earth.scr Soccer Database.exe OutWar Demo.exe Love.scr Hotmail Hacker.exe FixSql.com Q30215HOTFIX.pif Api Hooking-Tutorial.exe
The worm will make changes to the registry database so that it will become activated each time a restart of the system is performed. This is done through run-as values:
HKLMSoftwareMicrosoftCurrentVersion
unCyberwolf="%windir%/cyberwolf.exe
HKLMSoftwareMicrosoftCurrentVersion
unCyberwolf="%winsystem%/kernel32.exe
The worm will also add to the registrydatabase so taht kernel32.exe (The worm) is run each time someone opens a executable (.exe)
(HKCRexefileshellopencommand]="%winsysdir%Kernel32.exe"%1"%*")
W32.Cyberkicking.worm will send it self through e-mail. The addresses it uses is found through searching through the harddrives for WAB (Windows Address Book), MSN, ICQ, aswell as filetypes .html, .htm and .eml. W32.Cyberkicking.worm contains it’s own SMTP server aswell as a list of predefined SMTP Relays. W32.Cyberkicking.worm send mails with the following content.
From:
Webmaster@planet-source-code.com
Subject:
Api Hooking Tutorial...
Body:
Did you wanted to learn how to api hook?
Here your chance!This tutorial explains all the basics AND moderate Api Hookings Starting by hooking Registry Keys,Till hiding files from view in Windows Explorer After reading this tut you can even start Windows RootKit Programming but ofcourse thats up to you to decide...
The Tutorial attached in this e-mail is for privat use only and may never be distributed under any curcumstances
Provided to you by: Webmaster
and www.planet-source-code.com
Attatchment:
Api Hooking-Tutorial.exe
From:
Support@microsoft.com
Subject:
Windows Hotfix!
Body:
Attached is the HotFix for several bugs in Windows Operating Systems. The following Windows versions are vulnerable: Windows Xp home and Pro edition (with/without SP1) Windows ME,2000 and NT Home and Pro Edition(With/without SP) Windows 98 Home,Pro and Special Edition(With/without SP) The following Windows Operating Systems are not vulnerable: Windows 95(All editions With or Without Sp Microsoft IIS(all versions)
If your Operating System is one of the vulnerable systems listed above then Microsoft Corp. recommends you to install this HotFix If you for some reason didn’t install this hotfix,then your pc will be vulnerable to this bugs allowing an attacker to Remote Control your pc,or beeing infected with the infamous SqlSlammer. Because this is an critical bug,Microsoft Corp. has send this HotFix to all of his customors who use one of the OS’s.
For more information about this bug or about Microsoft Corp.,please visit www.microsoft.com Presented to you by:Microsoft HelpDesk
Vedhæftet:
Q30215HOTFIX.pif
From:
Lovergirl@yahoo.com
Subject:
Fwd:Fwd:Fwd:Watch out for SARS!
Body:
---ORIGINAL MESSAGE BODY---
FROM:
DATE: Tuesday, May 06, 2003 11:37:31
TO:
SUBJECT: Fwd:Watch out for SARS!
FROM:
DATE: Tuesday, May 06, 2003 11:37:31
TO:
SUBJECT: Fwd:FwdWatch out for SARS!
FROM:
DATE: Tuesday, May 06, 2003 11:37:31
TO:
SUBJECT: Fwd:Fwd:Fwd:Watch out for SARS!
SARS aka Severe Acute Respiration Syndrome is infecting more and more people every day Soon it will get to USA,Europe,Asia,Africa and Australia if we don’t do something Thats why we started this chain letter with a single attachment Our mission is to make all people aware of the disease and to give them a handy guide on how to protect themselves The
attachment(SARS-Guide) is a guide (like the name says;)) with instructions for avoiding infection and what to do when infected Ofcourse we cannot send this Guide to all people,thats why the WHO(World Health Organisation) has made a deal with WISI(World Internet Statistic Institute):For mail FORWARD of this email WITH the Guide,0.50US$ will be transfered to the WHO bank account They will use this money to make a vaccin for the SARS Virus,and thus help mankind If you want to participate to this project,and thus help man kind,you should FORWARD this email to at least 1 person with this Guide Attached Thas all you’ll have to do Do,’t forget!Every FORWARD is 0.50US$ more for the vaccin,a vaccin is very expensive,so forward it if you want to participate in helping mankind!
For more information contact:
Dick Thompson - Communication Officer
Communicable Disease Prevention, Control and Eradication WHO, Geneva
Telephone: (+41 22) 791 26 84
Email: thompsond@who.int
Attatchment:
SARS-Guide.scr
From:
nice_girl21@hotmail.com
Subject:
Fwd:How to protect yourself against SARS
Body:
ORIGINAL MESSAGE BODY:
FROM:
DATE: Tuesday, May 06, 2003 11:37:31
TO:
SUBJECT: Fwd:How to protect yourself against SARS
SARS aka. Severe Acute Respiratory Syndrome is a worldwide health threat. It was first discovered in China But now,it has become a very big thread to all people in this world If no vaccin is found,soon more then 500.000 people will be infected with it This vaccin is not yet made,so within this time the ONLY protection humans have is prevention of infection
Thats why we of HealthCare launched a project in which we will send newsletters with information about SARS and with prevention rules. Symptoms:High Fever(>38-C) AND one or more respiratory symptoms including cough, shortness of breath, difficulty breathing Also be aware of the following:close contact with a person who has been diagnosed with SARS AND a recent history of travel to areas reporting cases of SARS In addition to fever and respiratory symptoms, SARS may be associated with other symptoms including: headache, muscular stiffness, loss of appetite, malaise, confusion, rash, and diarrhea. Until more is known about the cause of these outbreaks, WHO (World Health Organization) recommends that all people read the attached instructions of howto prevent beeing infected with SARS and what to do when infection has occurred For more information contact: Dick Thompson - Communication Officer Communicable Disease Prevention, Control and Eradication WHO, Geneva
Telephone: (+41 22) 791 26 84
Email: thompsond@who.int
Attatchment:
SARS-Guide.scr
From:
webmaster@screensavers.com
Subject:
Saddam alive and kickin’
Body:
The whole world wants to know it,is saddam a live,or death? Well somedays a go the britisch took secret spy cam pics,and luckely someone has uploaded this pics to the internet,and now their avaible! You won’t believe what you see!its amazing!!!The spy cam was hidden inside a tower in Bagdad and it took pics from saddam and his sons,they our 250m beneath the ground! Check out the pics i attached,you won’t believe what you see!
Vedhæftet:
Saddam-the real pics.scr
Fra:
SecurityResponse@symantec.com
Emne:
Warning from Symantec.com
Innhold:
5/4/2003 A NEW INTERNET WORM HAS BEEN FOUND IN THE WILD
A new very dangerous internet worm has been found in the wild.This worms goes under the name W32.SqlSlammer.C@mm and has the possibility to spread by several ports on your pc(139,25,445,446,10252). It will infect you without your knowlegde because it uses the Sql Buffer Overflow exploit.Because of this its very hard for Av companies and Microsoft to contain this thread.Thats why we decided to protect our customors by sending then SqlFix and thus protecting them from infection. After installation the fix will determine if the SqlSlammer.C has infected your pc and clean it.If it didn’t infect it then it will make sure it will never infect you by closing the bug in your OS. Simply run the attached fix and wait for the dialog to prompt,select the feature and wait till its finished. Sincerely, Symantec Security Response Team Symantec Corporation
Attatchment:
FixSql.com
From:
Admin@hackers.com
Subject:
u wanted to hack?
Body:
hi there,so you wanted to hack your friends hotmail account huh,well use this xss-exploit tool to find his password within 3 minutes!! Simply open it and enter your victims email ID and select
This will also work on Yahoo and Icq accounts
Admin@hackers.com
From:
Loverg
Företag
EuroTrust Sweden AB
Lilla Fiskaregatan 8A
22222 22222 Lund,
Sverige
0708132414
http://www.virus112.nu
Ta emot nyheter från EuroTrust Sweden AB per e-post
Anmäl dig här