|
|
I-Worm.Mar Viruses Information
| Name: |
I-Worm.Mar |
| Category: |
Viruses |
| Description:
|
Details
I-Worm.Mari
This is an Internet worm that spreading via e-mails being attached as an EXE file. The worm itself is a Win32 executable file about 12Kb in length, written in VisualBasic. To spread, the worm connects to MS Outlook, obtains the e-mail addresses from the address book, then sends messages to these addresses. The infected messages contain the following:
Subject: Hi!
Body: check this out!!!
Attach: system32.exe
The worm also installs itself to the system. It copies itself to Windows and to WinNT directory with SYSTEM32.EXE name. The worm copies itself to the directory on the current drive, and fails to spread further if it is run not on the C: drive (in the instance when the temporary directory where the worm copy is saved from an infected message is not on the C: drive). The worm also fails to infect the system in case Windows is installed in a directory with another name.
The worm registers itself in the auto-run key in the system registry:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
SYSTEM32 = C:WindowsSYSTEM32.exe
or
SYSTEM32 = C:WinntSYSTEM32.exe
The 'a' version of the worm also modifies the WIN.INI file with auto-run keys under Win9x/ME:
[windows]
load="C:WINDOWSSYSTEM32.exe
open="C:WINDOWSSYSTEM32.exe"
[winnt]
load="C:WinntSYSTEM32.exe
open="C:WINDOWSSYSTEM32.exe"
The worm then stays in the Windows memory as a hidden (service) process and creates the "marijuana" icon in-tray:
Upon a mouse click on the icon, the worm displays the message:
IMPORTANT: PLEASE READ
I think i speak for every pot smoker in North America when i say: *Legalize Marijuana*allI mean if people with AIDS, Cancer and other deaises can use it then why cant the rest of us (pot smokers) use it?, I dont think that's very fair (Do you?). If it's legal to grow and use in places like: Australia (for personal use) then why not in North America? If doctors are useing it as a treatment for illness then it must not be *THAT* harmful (So why can't other people use it?). I really do think the federal goverment should consider legalization of marijuana. Well that's really all i have to say on the matter, but i do hope somebody, somewhere listens to what i have to say and does not just regard this as just another *virus* because it's more then that, it's a message, a message for freedom, the freedom to smoke up and have the chose to do so *WITHOUT* fear of punishment from the law and the goverment. Thank you for your time.
At 4:20 and 16:20, the worm displays the message box:
The worm also modifies the following registry keys:
HKLMSoftwareMicrosoftWindowsCurrentVersion
RegisteredOrganization = Stoner's Pot Palace.
RegisteredOwner = Im A Pot Head!
HKCUSoftwareMicrosoftInternet ExplorerMain
HKCUSoftwareMicrosoftInternet ExplorerMain
Start Page = http://my.marijuana.com
Window Title = Marijuana Explorer (LEGALIZE IT!!!) |
Top Viruses Visited Pages:
Invader. - 231 visits
not-a-virus:RiskWare.Tool.RegPatch. - 69 visits
Worm.P2P.Harex. - 63 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 55 visits
Small.58. - 55 visits
Coito.64 - 53 visits
I-Worm.Mapson. - 45 visits
Win16.Klon.1177 - 41 visits
Win32.Hidra - 41 visits
Marine.500 - 34 visits
Random Viruses Pages:
Win95.Mad.2736.
Hahari
Apadana.150
July16.59
Levi.80
Ko.36
Win95.Punch.9262.
Dzino.100
Try.107
Mummy famil
|
|
