検索:
ホーム   »     »   Get Warm (Not Worm) For Christmas

Get Warm (Not Worm) For Christmas

  • 投稿日:2005年12月7日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0



As Christmas draws near, we have been on a look out for malwares taking advantage of the season, and for sure we came in contact with one.

ISC has reported that it is spreading out a message that says

“This AIM user has sent you a Greetings Card, to open it visit:
http://greetings.aol.com/index.pd?source=christmastheme?my_christmas_card.COM”

But in truth the link goes to http://{blocked}34.156/My_Christmas_Card.COM which is an AIM Worm.

So just to be on the safe side, be on the lookout for this message. Also its dropped filename is in %WINDOWS%lsass.exe, so if you notice two processes with the name lsass.exe, then you’re probably infected.

The malware has already been passed to the service team and I will update this once I get the reply for its detection.


Update (Ivan, 07 December 2005 09:18:26)

This Christmas IM Worm is now detected as WORM_AIMDES.E since CPR 2.986.04.


Update (Ivan, 08 December 2005 00:37:43)

There has also been a report received that the AIMDES.E spreads also via a another URL in a similar message:

“This AIM user has sent you a Christmas Card! To open it please visit: http://greetings.aol.com/index.pd?source=greetingscard?my_christmas_card.scr This senders personal note: Merry Christmas!”

Here is a screenshot:



The link actually goes to the malware site which is:

{blocked}.17.26/My_Christmas_Card.scr.

No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.