Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
IRC-Worm.Blackou Viruses Information

Name: IRC-Worm.Blackou
Category: Viruses
Description: Details
IRC-Worm.Blackout
Blackout is an IRC worm spreading via IRC channels. The worm itself is a Word document and contains one macro called "Blackout".
Installing
When the worm is executed, it does the following: Adds the value "Level 1" to the registry key:
HKEY_CURRENT_USERSoftwareMicrosoftOffice9.0WordSecurity

Blackput attempts to disable the Security menu item in the Macro menu and creates in the root directory of the C: disk a file called "blackout.vxd" in which it writes the source code.
Additionally this file is used to infect all Word documents in the directoryC:mydocu~1.
The worm creates the file C:Blackout.vbs and registers this file in the automatic launch string of the system registry:

HKEY_LOCAL_MACHINEMicrosoftWindowsCurrentVersionRun

Blackout adds the value ppacket by pickpacket to the registry key:
HKEY_LOCAL_MACHINESoftwareBlackout

Blackout copies itself to the C:Readme.txt.doc.
Spreading
Blackout searches for the "Mirc32.exe" file in the folders:
C:Mirc and C:Progra~1Mirc.
If the worm finds the "Mirc32.exe" file in these folders it attempts to overwrite the "Script.ini" file in the same folder(s). The "Script.ini" file is a short mIRC program that sends the C:Readme.txt.doc file to everybody who enters an infected channel.
Payload
If the hour is 0 or 23, the worm may use the Microsoft Office Assistant to display the following message:
W97M/Blackout
This goes out to the people in the power companies!!!

Blackout then changes the value to "NoClose" in the registry key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer

This hides the "Shut Down" menu item on the Start menu.



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 72 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Soulfly.200
I-Worm.Dumaru.
Holera_II.148
Light.101
Macro.Word.Cleanu
Techno.112
Sandy.137
IRC-Worm.MrWormy.119
Tic Famil
I-Worm.Mydoom.


 

© 2006-2008 spyware32.com - Privacy Policy