
Practical PC Opinion

Virus Alert - Beware of Bogus Patches

"Redesi" worm disguises itself as a security patch for Microsoft products

Kaspersky Lab reports the detection of a new, dangerous Internet worm, "Redesi", which spreads via e-mail and disguises itself as a security patch for Microsoft products.

To date, Kaspersky Lab has discovered two modifications of the worm. They differ only in the subject lines and message bodies of the e-mails they distribute.

Redesi.a:

Subject is randomly selected from the list:

FW: Microsoft security update.

FW: Security Update by Microsoft.

FW: IT departments on state of HIGH ALERT.

FW: Important news from Microsoft.

FW: Stop terrorists computer viruses reign.

FW: Terrorists release computer virus.

FW: Emergency response from Microsoft Corp.

FW: Terrorist Emergency. Latest virus can wipe disk in minutes.

FW: Microsoft Update. Final Release Candidate.

FW: New computer virus.

Message body:

Just recieved this in my email

I have contacted Microsoft and they say it's real !

-----Original Message-----

From: Microsoft Support Desk [mailto:Support@microsoft.com]

Sent: 17 October 2001 15:21

Subject: Security Update

Due to the recent spate of email spread computer viruses Microsoft Corp has released a security patch. Please apply the attached file to your Windows computer to stop any futher spread or these malicious programs. Regards

Microsoft Support

Redesi.b:

Subject is randomly selected from the list:

Kev Gives great orgasms to ladeez!! -- Kev

hell is coming for u, u will be sucked into a bottomless pit!!!  -- Gaz

Scientists have found traces of the HIV virus in cows milk...here is the proof -- Will

Yay. I caught a fish -- Six

I don't want to write anything but Si is bullying me. -- Jim

I want to live in a wooden house -- Arwel

Michelle still owes me £10 ... shit ! -- Si

Why have I only got cheese and onion crisps? I hate them !! -- Si

A new type of Lager / Weed variant...... sorted !

My dad not caring about my exam results -- by Michelle

Message body:

heh. I tell ya this is nuts ! You gotta check it out !

Name of the attached infected file is randomly selected from the list:

Si.exe

ReDe.exe

Disk.exe

Common.exe

UserConf.exe

When the attached file is executed, the worm starts its infection routine and infects the target computer. It then accesses Microsoft Outlook and uses it to send copies of itself to every recipient in the Outlook address book.

On November 11, 2001, "Redesi" activates its payload routine and destroys all data on disk C: of the infected computer. To do this, the worm writes a command that launches disk formatting to the AUTOEXEC.BAT file; the command is executed the next time the computer boots. Note that the payload routine can be activated only on computers whose short system date format is "dd/mm/yy" or "mm/dd/yy".
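
One way to turn the indicators listed in this article into a mail-gateway check, as an added example that is not part of the original article or of Kaspersky Lab's tooling. It matches the Redesi.a subjects and the attachment names given above (the Redesi.b subjects can be appended to the list in the same way); the function names, verdict labels and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Indicators copied from the article: Redesi.a subjects and the attachment names.
REDESI_A_SUBJECTS = [
    "FW: Microsoft security update.",
    "FW: Security Update by Microsoft.",
    "FW: IT departments on state of HIGH ALERT.",
    "FW: Important news from Microsoft.",
    "FW: Stop terrorists computer viruses reign.",
    "FW: Terrorists release computer virus.",
    "FW: Emergency response from Microsoft Corp.",
    "FW: Terrorist Emergency. Latest virus can wipe disk in minutes.",
    "FW: Microsoft Update. Final Release Candidate.",
    "FW: New computer virus.",
]
ATTACHMENT_NAMES = ["Si.exe", "ReDe.exe", "Disk.exe", "Common.exe", "UserConf.exe"]

def _norm(text):
    """Collapse whitespace, drop trailing dots and spaces, ignore case."""
    return " ".join(text.split()).rstrip(". ").casefold()

SUBJECT_SET = {_norm(s) for s in REDESI_A_SUBJECTS}
NAME_SET = {_norm(n) for n in ATTACHMENT_NAMES}

def check_message(raw):
    """Return (verdict, reasons) for one RFC 822 message passed as text."""
    msg = message_from_string(raw)
    reasons = ["subject"] if _norm(msg.get("Subject", "")) in SUBJECT_SET else []
    exe_seen = False
    for part in msg.walk():
        name = part.get_filename()
        if name:
            exe_seen = exe_seen or name.casefold().endswith(".exe")
            if _norm(name) in NAME_SET:
                reasons.append("attachment:" + name)
    # A listed subject together with any .exe attachment is the worm's pattern.
    if "subject" in reasons and exe_seen:
        return "quarantine", reasons
    return ("review" if reasons else "pass"), reasons

def sample_message():
    """Constructed test input, not a captured Redesi mail."""
    m = EmailMessage()
    m["Subject"] = "FW:  Microsoft Security Update"
    m.set_content("Constructed body text.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="UserConf.exe")
    return m.as_string()
```

A message that matches only one indicator (a listed subject with no executable attached, or a generic name such as Disk.exe under an unrelated subject) is returned as "review" rather than "quarantine", since those names and phrases also occur in legitimate mail.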

 


David Dorn