Jump to content

fish - you have a virus named after you!!!!

matthew james
 Share

Recommended Posts

  • CTW Members
matthew james Newbie

matthew james

Posted
  • CTW Members
Posted

News just in.... Our very own Fish has a virus named after her!!!!!!!

 

m.

 

Name: W32/Fishlet-A

Aliases: WORM_FISHLET.A

Type: Win32 worm

Date: 14 June 2002

 

A virus identity file (IDE) which provides protection is

available now from our website and will be incorporated into the

August 2002 (3.60) release of Sophos Anti-Virus.

 

At the time of writing Sophos has received no reports from users

affected by this worm. However, we have issued this advisory

following enquiries to our support department from customers.

 

Description:

 

W32/Fishlet-A is an internet worm that spreads via email by

sending itself to email addresses found in the Windows address

book.

 

The email will have the following characteristics:

Sender's address: eMarket Services

Recipient: e-Market customer

Subject line: Order report

Message body:

The body of the email starts with the following lines:

 

"Dear eBay customer,

 

Thank you for using eBay services.

_____________________________

Your order Num. is: 31547

Delivery time: 7 days

 

Order subject: Inventory # 476

 

PENTIUM 4 1.6GHz 40GB/32VID

128MB PC800 NON-ECC RDRAM

1.44 MB Floppy Disk Drive

48X RW CD-ROM Drive

Software: Norton Antivirus

Software: Microsoft Windows XP HOME Edition

All Components Assembled and Ready to Go!

 

Price: 738.00$"

 

Attached file: .exe

 

When this file is run an eBay advertisement is displayed. The

worm copies itself into the Windows folder as ssh261.exe. It

also drops the files fishlet.bin, SndVx.exe and ccfp.exe into

the same folder. The worm sets the following registry entry so

that it will be automatically started when Windows starts up:

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SndVX=

\SndVx.exe

 

Download the IDE file from

http://www.sophos.com/downloads/ide/fishleta.ide

 

Read the analysis at

http://www.sophos.com/virusinfo/analyses/w32fishleta.html

 

Download a ZIP file containing all the IDE files available for

the current version of Sophos Anti-Virus from

http://www.sophos.com/downloads/ide/ides.zip

 

Read about how to use IDE files at

http://www.sophos.com/downloads/ide/using.html

 

---------------------------------------------------------------------

To unsubscribe, email: notification-unsubscribe@lists.sophos.com

For additional commands, email: notification-faq@lists.sophos.com

Link to comment
Share on other sites
  • CTW Members
TidyTraxGrant Veteran

TidyTraxGrant

Posted
  • CTW Members
Posted
[shocked] Beware Of The FishMeister ! [shocked]

\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
TidyTraxGrant image.gif
' I haven't had a c*nt all night, drinkstable '
E Mail : Grant@ClubTheWorld.com
MSN : TidyTraxGrant@Hotmail.com
YahooID :TidyTraxGrant@Yahoo.co.uk

🇬🇧

http://www.DJLisaLashes.com

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...