Wilders Security Forums  

#1
August 5th, 2002, 02:08 AM
FanJ

W32/Onamu-B

Name: W32/Onamu-B
Aliases: WORM_MOE.B, I-Worm.Desos.b
Type: Win32 worm
Date: 5 August 2002


Sophos has received several reports of this worm from the wild.

Description
W32/Onamu-B is a worm which spreads via SMTP. It arrives as an attachment to an email. The email appears to come from a fake name and email address selected from the following lists:

Possible first names:
Mario
Nadia
Gabriel
Federico
Andrea
Laura
Patricia
Osvaldo
Sofia
Sandra
Javier
Cristina
Pablo
Cecilia
Ariel
Silvia
Emilio
Flavia
Jorge

Possible middle initials:
E.
M.
O.
R.
T.
A.
H.
P.
L.

Possible surnames:
Macchi
Rizzo
Rodriguez
Narvaez
Mosquera
Montagna
Miranda
Armitano
Kohan
Lewin
Machado
Miller
Ibarra
Gutierrez
Castro
Godoy
Ferreira
Ferrer
Chiappe
Chiesa

Possible email addresses:
aldu5n_02@yahoo.com
mor8l_88@netscape.com
lime@illusive.org
lemax7@compuserve.com
xnto_678@hotmail.com
lecs2462@yahoo.com
4588bell@netscape.com
vvgro55@illusive.org
4653_trey@compuserve.com
wer937@hotmail.com

The email will have a subject line, message text and attached file chosen from the following lists:

Possible subject lines:
Seduccion
Humano
Musica
Mujer
Hombre
Confesion
Infidelidad
Belleza
Relaciones casuales
Tus deseos
Mi secreto
La clave
Enojo
Perdon
Responde!
Cita
Papelon
Renuncio
Monstruo
Joven

Possible message texts:
Cap.3 El arte de provocar.
El Ser Humano que pudiste ser.
Esta es la musica que te prometi.
La mujer mas bella...
Un hombre entero.
Ya sabes que fui yo?.
Las imagenes de tu infidelidad.
No estas conforme con tu apariencia?
Esta es la lista para esta semana.
Si te conforman, puedo enviar mas.
Recorda tu promesa!
No la vuelvas a perder, no abuses.
Cuando veas esto, se te pasa.
Crei que ya lo habia enviado.
Nunca respondiste. No seas cruel.
Me gusto lo que enviaste. Si te gusta, arreglamos.
Te dije que es demasiado gorda. Mira!
No puedo mejorarlo, ya es perfecto.
Ahora te creo. Pobre mujer!
Disculpa, sos demasiado joven para mi.

Possible attached files:
s_CAP3.EXE
HUMANO.EXE
MUSIC.EXE
MUJER.EXE
HOMBRE.EXE
CONFESION.EXE
INFIEL.EXE
BELLEZA.EXE
LISTArc.EXE
DESEOS.EXE
SECRETO.EXE
CLAVE.EXE
YO.EXE
FEOS.EXE
PASION.EXE
CITA2.EXE
GORDA.EXE
CUERPO.EXE
MONSTRUO.EXE
JOVEN.EXE

The worm copies itself to the Windows folder with a filename consisting of 5 randomly chosen letters and an EXE extension and adds a registry entry to
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
so that the worm is run when Windows starts.



More information about W32/Onamu-B can be found at
http://www.sophos.com/virusinfo/analyses/w32onamub.html
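
A triage check for the persistence behaviour described in the post above, as an added example that is not part of the original post or of Sophos's analysis: it scans text shaped like `reg query` output for the HKLM Run key and flags values whose program is a five-letter .EXE sitting directly in the Windows folder. The accepted Windows folder spellings, the helper names and the sample registry values are assumptions constructed for illustration.

```python
import re

# Windows folder spellings accepted here are an assumption; the post only
# says "the Windows folder".
WINDIR = r"(?:%(?:windir|systemroot)%|[a-z]:\\win(?:dows|nt))"
# Exactly five letters plus .EXE, sitting directly in that folder.
SUSPECT = re.compile("^" + WINDIR + r"\\[a-z]{5}\.exe$", re.IGNORECASE)
# One value line of `reg query` output: name, type and data, 4-space separated.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_(?:EXPAND_)?SZ)\s{4}(.*)$")

def executable_of(command):
    """Return the program path from a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    m = re.match(r"(.*?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def suspicious_run_values(reg_query_output):
    """Return (value_name, path) for Run entries that fit the description."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, _type, data = m.groups()
            path = executable_of(data)
            if SUSPECT.match(path):
                hits.append((name, path))
    return hits

# Constructed sample shaped like `reg query` output; every value is made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    Backup Agent    REG_SZ    "C:\Program Files\Backup\agent.exe" /min
    qkzvb    REG_SZ    C:\WINDOWS\qkzvb.exe
    Loader    REG_EXPAND_SZ    %SystemRoot%\HJWPM.EXE -s
    Tool    REG_SZ    C:\WINDOWS\system32\abcde.exe
    Notes    REG_SZ    C:\WINDOWS\notepad.exe
"""

if __name__ == "__main__":
    for name, path in suspicious_run_values(SAMPLE):
        print(f"review: {name} -> {path}")
```

Legitimate five-letter programs in the Windows folder, write.exe for one, fit the pattern too, so a hit is a lead to verify rather than a verdict.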

 

All times are GMT -4.

