The website makes you download two files, worm2007.exe and YMworm.exe. I think worm2007.exe is a trojan to control you and YMworm.exe is definitely a worm to spread the.. bad word (the latter is an AutoIT script)! This is a list of some possible messages (wwwlinkcom is the above-named domain):- :D who is beside you in this pic wwwlinkcom friendpic1.jpg so good-looking
- ;) 1 of my vacation pictures wwwlinkcom vacation1.jpg <:-P
- hot pics this week wwwlinkcom hot.jpg :x
- ;) 1 of my vacation pictures wwwlinkcom vacation2.jpg <:-P
- Screenshot of my new Ipod wwwlinkcom vista.jpg so cool :D
- Images shot in Iraq _ The war will never end wwwlinkcom Iraqwar.jpg << :(
- :)) I won an iPhone. You will never believe it :O wwwlinkcom mylottery.jpg <<
- never click into the links like something in this image wwwlinkcom dontclick.jpg #:-S !!!
- :( the page cannot be displayed wwwlinkcom error.jpg Something was wrong !!! Check it again and tell me later. THanks
- My pics wwwlinkcom mypics.jpg b-( <<
Tac Gia: TermeX - ThanatoS
Phan Mem: TermeX Bot
Phien Ban: 2.0
Cong Dung: Quang cao Website thong qua Y!M,MSN,AIM,My Computer
Phat Hanh: 20-9-2006
Imagine.. this worm has survived ever since! Despite the fact that it changes your home page to www.quicknews.info it also "spreads the word" in Yahoo messenger, AOL Instant messenger, MSN/Windows Live Messenger etc... thecoolpics.net is still alive.A lot of antivirus software do not detect YMworm.exe, it's time they do!
No comments:
Post a Comment