Notizia Precedente
Netscape 6.2
Notizia Successiva
ICQ 2001b 5.17 build 3642

Nimda, nuove varianti

Naviga SWZ: Home Page » News
News del 31 Ottobre 01 Autore: Antares
<img src="http://www.kaspersky.com/images/mainLogoTop.gif" align="right">Kaspersky Labs ha rilevato la presenza di cinque varianti del virus Nimda: l'ultima e la più pericolosa delle varianti è la E, appena rilevata dai maggiori centri antivirus.<br> Dopo il Nimda.a del 18 settembre che <a href="http://www.swzone.it/forum/showthread.php?threadid=372&highlight=nimda" target="_blank">abbiamo approfondito a tempo debito</a>, ecco tutte le varianti del virus.<br> <br> <b>Nimda.b </b><br> Slightly modified original "Nimda" worm, but compressed with PCShrink utility. The filenames "README.EXE" and "README.EML" are replaced with "PUTA!!.SCR" and "PUTA!!.EML".<br> <br> <b>Nimda.c </b><br> This is exactly original "Nimda" worm, but compressed by UPX compressor. <br> <br> <b>Nimda.d</b><br> Slightly modified original "Nimda" worm, but compressed with PECompact utility. The only difference with the original worm is "copyright" text strings are patched in this version with following text: "HoloCaust Virus.! V.5.2 by Stephan Fernandez.Spain". <br> <br> <img src="http://www.f-secure.com/virus-info/v-pics/nimda_e.gif" align="right" alt="screenshot Nimda.e"><b>Nimda.e </b><br> This is recompiled "Nimda" variant with several subroutines fixed and optimized. This variant was found in-the-wild at the end of October 2001. The visible differences with original worm version are: <br> The attached file name: SAMPLE.EXE (instead of README.EXE) <br> The DLL files are: HTTPODBC.DLL and COOL.DLL (instead of ADMIN.DLL)<br> The worm now copies itself to the WindowsSystem folder as Csrss.exe instead of Mmc.exe.<br> <br> <img src="https://www.swzone.it/img/link.gif" align="absmiddle"> <a href="http://www.kaspersky.com/news.asp?tnews=0&nview=1&id=249&page=0" target="_blank">Info</a><br> <br> <img src="https://www.swzone.it/img/download.gif" align="absmiddle"> <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.e@mm.removal.tool.html" target="_blank"><img src="immf.php?image=occhioride.gif" border="0" alt="">ownload tool di rimozione di Nimda.e di Symantec</a>
Inserisci un commento sul forum Commenta la News sul Forum

Voto:

Categoria: Sicurezza

La Community di SWZone.it

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum

Newsletter

Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter

News Collegate