I recently posted about sending e-cards, and then I go to work and there is an outbreak. Wouldn’t you know it was started via E-Cards. As of now some virus scanners are picking it up, most are still not. It bothers me when the scanners I would normally trust are not detecting it yet. Being I use open source scanner I just made my own signature to catch it.
NOTICE: As of this writing most virus scanners are NOT picking it up. The first commercial virus scanner to have a signature for it was Kaspersky.
DETAILS:
This virus has a built in SMTP Engine or it can use the default SMTP server setup by your email client to send out emails. It works as a Mass Mailer harvesting email addresses from your computer. It can also download and get files from the internet to update itself. It creates a registry entry for startup.
It runs in the background and allows a remote intruder to gain access and control over the computer. It is defiantly capable of logging keystrokes! It is Network aware and will attempt to infect other machines the current logged in user has access to.
Files it may create:
- %system%qnx.exe
- %system%vxworks.exe
Ports it may open:
- 1033 – TCP
- 1057 – TCP
- 1070 – TCP
Common Attachments:
- postcard.zip
- coupons.zip
- promotion.zip
Subjects:
- Coca Cola is proud to announce our new Christmas Promotion
- You’ve received A Hallmark E-Card!
- Mcdonalds wishes you Merry Christmas!
The virus arrives looking like the following
 |
 |
 |
Once again if you receive an email with an attachment that you where not expecting to get. DO NOT OPEN IT! A little common sense goes a long way. If you are still getting these in your email and need some protection click here to contact me about V.Protect! You can also contact me about cleaning it up if it is to late.
spring