You are here: silicon.com > Resources > White Papers

White Papers

Red Alert: I-Worm.Updater / UPDATE.VBS (Kaspersky)

Overview Date: Thursday, December 06, 2001

Name: I-Worm.Updater

Kaspersky Labs reports the detection of the latest Internet worm, I-Worm.Updater. At this time, several reports of infection by this malicious code have been reported.

Updater is written in Visual Basic Script, and the worm itself is an EXE file about 12Kb in length, compressed in a UPX utility.

The worm spreads via e-mail by gaining access to the Outlook address book. The worm, unbeknownst to a user, sends infected messages to all addresses found in Outlook.

This is a virus-worm that spreads via the Internet attached to infected e-mails. The worm itself is a Windows PE EXE file about 12Kb in length, and it is written in Visual Basic (VB6). It is packed by the UPX program. After unpacking, it is 45 Kb in size.

The worm activates from an infected e-mail only when a user clicks on an attached file. The worm then installs itself to the system, runs a spreading routine and payload.

The infected messages have different texts and attached file names, they are randomly selected by the worm while spreading from the [a set of] variants.

Updater has some troublesome side effects. The worm creates a malicious script progrm, UPDATE.VBS, copies the program to the Windows autoloading catalogue, and releases it upon completion. This program searches for files with .EXE, .DOC, and .VBS extentions on disks, and creates a file companion for them containing the worm's copy. These file companions have the same names as the original files, plus a "second" .VBS extension.

Further White Paper Details
Publisher	Kaspersky Lab	File Format	HTML
Date Published	December 2001	Downloads	13
Format	White Papers
Topics	N/A

Did you find this white paper useful? 1 out of 3 users found this white paper useful

Delivering Information in Real Time

Publisher:
IBM

IDC reports on Novell's Secure Desktop Solution: A Modern-Day Marriage of Business Benefit and Risk Reduction

Publisher:
Novell

Green IT: Reducing your Carbon Footprint with Citrix

Publisher:
Citrix Systems

A Day in a Low Carbon Life 2012

Publisher:
IBM

Does 802.11n deliver better wireless services for Enterprises?

Publisher:
Siemens

No Apology for same old virus

The Trojan virus infects a computer by deleting all DLL, INI, EXE, BMP, LOG and COM files in Windows and other system directories making it impossible to reboot an infected system. Magistr, a polymorphic executable file virus, spreads by email as...

Channel:
Security Strategy

Virus Alert: Shakira joins the chick-worm posse

The message also spreads through internet relay chat systems. Users will know they have been hit when the message "You have been infected by the ShakiraPics Worm" appears on their screen. A virus named after Colombian singing sensation Shakira has...

Channel:
Security Strategy

Worm warning: Another little wriggler plagues Kazaa

Like KWBot and Benjamin, Duload spreads by modifying the infected computer's system registry and then disguising multiple copies of itself as files that other Kazaa users might like to download. It uses names such as Free Porn.exe, Win An Xbox.exe...

Channel:
Security Strategy

Virus warning: Beware email from support@microsoft.com

Once activated the Palyh worm copies itself into the Windows directory under the name "MSCCN32.EXE" and registers this file in the system registry's auto-run key so that it is placed into system memory and automatically launched upon operating...

"Our private photos" email worm warning

Schmugar said one of the more unusual aspects of the worm - which McAfee classified as a "moderate" threat - was its use of a Zip file, which could prove to have longer legs than the .exe files most worms try to spread.

AIM worm exhibits new, nasty tactics

The worm then spreads itself by sending messages to all names on the victim's contact list. In addition to the 'lockx.exe' rootkit file, the new worm delivers a version of the Sdbot Trojan horse, said FaceTime, which sells products to protect...

Channel:
Malware
Tags:
aim,
computer worm

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

White Papers

Red Alert: I-Worm.Updater / UPDATE.VBS (Kaspersky)

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific