1 / 19

Mass Mailing Worm

Mass Mailing Worm. Powered By: Nikhil Bendre Gauri Jape. What is ‘ Computer Worm’ ?. Programs that reproduce, execute independently and travel across the network connections. The key difference between a virus and worm is the manner in which it reproduces spreads .

sabina
Download Presentation

Mass Mailing Worm

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mass Mailing Worm Powered By: Nikhil Bendre Gauri Jape

  2. What is ‘ Computer Worm’ ? • Programs that reproduce, execute independently and travel across the network connections. • The key difference between a virus and worm is the manner in which it • reproduces • spreads.

  3. Types Of Computer Worms • E-Mail Worms (Mass Mailing Worm) • Instant Messaging Worm • Internet Worm • File Sharing Worm • IRC Worm

  4. Details Of E-Mail Worm • Spread Through Infected E-mail • Consume Valuable Internet Resources • Use As a vehicle for DDoS (Distributed Denial Of Service Attack)

  5. Examples • “ILoveYou” } } spread in 2000-2001 • “AnnaKournikova” } • Latest, • “Here You Have” } 2010

  6. ‘Here You Have’ • Subject Line Indicator • Detection in September • 9th Sept 2010 • McAfee Avert Labs • Detects as Virus W32/VBMania@MM

  7. W32/VBMania@MM • Type Virus • Sub Type Worm • Discovery Date 09/09/2010 • Length Varies • Minimum DAT 6101 (09/09/2010) • Updated DAT 6104 (09/12/2010) • Minimum Engine 5.4.00 • Description Added 09/09/2010 • Description Modified 10/26/2010 9:12 AM (PT) • Written in VB

  8. Locations • The worm copies itself into the following locations: • %WINDIR%\system\Administrator CV 2010.exe • %WINDIR%\system\updates.exe • %WINDIR%\Administrator CV 2010.exe • %WINDIR%\csrss.exe • %SYSTEMDRIVE%\Administrator CV 2010.exe • %SYSTEMDRIVE%\open.exe • %Removable Drive%\ open.exe

  9. Registry • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Shares\updates'CSCFlags = 0 MaxUses = 100 Path =  %WINDIR%\system Permissions = 0 Remark = Public share for update. Type = 0' • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<PROCESS name><PROCESS name>\ • Debugger="%WINDIR%\csrss.exe"

  10. Details • .SCR Executable • Starts with "Hello... this is the document I told you about, you can find it here." • “PDF” Link in Email

  11. Worm Looks Like in Inbox • Subject: Here you have or Just For youBody: • Hello:This is The Document I told you about,youcan find it Here.http://www.sharedocuments.com/library/PDF_Document21.025542010.pdf • Please check it and reply as soon as possible. • Cheers,

  12. Infection Here you Have- ‘Virus Attack’

  13. Infection • User downloads the screen saver • Infected, once Downloaded

  14. When Virus Runs • Installs itself as CSRSS.EXE in Windows Directory • Emails the Contents of Address Book • Tries to Download files • Deletes Security Software • Spread Itself

  15. Spread • Through Remote Machines • Mapped Network Drives • Removable Media via Autorun Features • Outlook Express Users

  16. Virus Sighted @ • ABC/ Disney • Google • Coca Cola • NASA • Comcast

  17. Detection • On Thursday 9th Sept 2010 ,at 10 :30 pm Pacific Time Symantec • Started blocking the worm • The screensaver file taken down from multimedia.co.uk(Lycos Service) • Still more than 65000 spams reported

  18. Remedy/ Solution • Do Not Click On suspicious link • Download Updated version of McAfee , Norton having updated virus definitions • Use Microsoft’s Free Security Essentials

  19. END Happy Computer

More Related