Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
VBS.Monopol Viruses Information

Name: VBS.Monopol
Category: Viruses
Description: Details
VBS.Monopoly

Another Melissa-like worm. It spreads through e-mail using MS Outlook client. The main difference between the two worms is this one is written in Visual Basic Script instead of MS Office macro-language. Most of its code is encrypted to make analysis more difficult.
The virus arrives to a computer as an e-mail message with an attached "MONOPOLY.VBS" file. When this file (containing VBScript) is executed, it creates an image file "MONOPOLY.JPG" in a temporary folder. It also creates another two files "MONOPOLY.WSH" and "MONOPOLY.VBE". The VBE file contains encrypted VBScript and executes with a WSH file.
When VBE is executing, it displays the message:
Bill Gates is guilty of monopoly. Here is the proof

Then it displays picture from the image file. The picture shows Bill Gates' face on a Monopoly game board.
The worm's spreading routine is very close to the routine of "Melissa" virus. Worm sends itself to every address from the Outlook address book. The message contains the attached file "MONOPOLY.VBS".
Subject:
Bill Gates joke
Text:
Bill Gates is guilty of monopoly. Here is the proof. :-)

Warm also sends another message to the following addresses:
monopoly@mixmail.com, monpooly@telebot.com, mooponly@ciudad.com.ar,
mloponoy@usa.net, yloponom@gnwmail.com

In this message, the worm sends a list of names and addresses from an Outlook address book, ICQ UIN files and information obtained in the Windows registry:
Registered user name and organization
Network computer name
DVD region
Country and area code
Language
Windows version
Internet Explorer start page
After all this, the worm modifies the system registry:
"HKEY_LOCAL_MACHINESoftwareOUTLOOK.Monopoly" = "True"

In this way, the worm marks a computer and will not send messages from this computer next time.


Demonstrations of the virus effects:


monopoly.jpg



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Pizelun.359
Macro.Word.Po
AP.NightCit
UsePascal.240
Est.58
Fault.920
YCTC famil
Svin.25
VBS.GaScrip
LoveMe famil


 

© 2006-2008 spyware32.com - Privacy Policy