Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
I-Worm.Cali Viruses Information

Name: I-Worm.Cali
Category: Viruses
Description: Details
I-Worm.Calil

Calil is an Internet worm spreading via the Internet as an attachment to infected email messages.
The worm sends out messages with the following properties:

Subject: FW:FW: LILAC project video attach
Attachment name: LILAC_WHAT_A_WONDERFULNAME.avi
Attachment size: 12208 bytes
Message body: Things that the govt. dont want you to know

Installation
When the worm is launched on a computer for the first time, it tries to copy itself to the following hard coded locations:

c:win98tempLILAC_WHAT_A_WONDERFULNAME.avi c:windowstempLILAC_WHAT_A_WONDERFULNAME.avi.exe c:win95tempLILAC_WHAT_A_WONDERFULNAME.avi.exe c:winnttempLILAC_WHAT_A_WONDERFULNAME.avi.exe c:winmetempLILAC_WHAT_A_WONDERFULNAME.avi.exe c:winxptempLILAC_WHAT_A_WONDERFULNAME.avi.exe
Calil launches a copy of itself, automatically upon the restart of Windows by writing the following registry value:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun Lilac=(one of the paths specified above)
Next the worm shows a fake error message:
Windows Error54: Media Player not installed correctly

Replication
The worm gets e-mail addresses from the Windows and Outlook address books, and sends infected messages to these addresses. It uses Outlook to send infected messages. Other
Calil changes the system registered owner information by writing the following registry values:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion RegisteredOwner=xEnOcrAtEs LegalNoticeCaption=Owned by: LegalNoticeText=Owned by: xEnOcrAtEs
This forces Windows to show the following message when starting:
Owned by: xEnOcrAtEs



Top Viruses Visited Pages:
Invader. - 241 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 67 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Inco
Trojan-Downloader.Win32.Agent.r
Shutdown.64
ELCN.37
CS.Gal
Unashamed famil
Seagull.44
Tox.20
Claudia.877
Sisters.222


 

© 2006-2008 spyware32.com - Privacy Policy