MS C# virus

Discussion in 'malware problems & news' started by javacool, Mar 1, 2002.

Thread Status:
Not open for further replies.
  1. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    From SecurityNewsPortal.com

    Catch the article here: http://www.securitynewsportal.com/c...i?database=JanH.db&command=viewone&id=55&op=t
     
  2. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    Full report from Newsbytes.com:

    Link to article: http://www.newsbytes.com/news/02/174895.html.
     
  3. FanJ

    FanJ Guest

    W32/Sharp-A

    Name: W32/Sharp-A
    Aliases: W32/Sharpie@mm
    Type: Win32 executable file virus
    Date: 4 March 2002


    At the time of writing Sophos has received no reports from users affected by this virus. However, we have issued this advisory following enquiries to our support department from customers.

    Description:

    W32/Sharp-A is a virus that arrives in an email message with the following characteristics:

    Subject: Important: Windows update
    Message body: Hey, at work we are applying this update because it makes Windows over 50% faster and more secure. I thought I should forward it as you may like it.
    Attachment: MS02-010.EXE

    When W32/Sharp-A is executed it copies itself to C:\MS02-010.EXE
    and drops and executes sharp.vbs in the current directory. This file is detected as VBS/Sharp-A. The script sends the email described above to everyone in the Outlook address book.

    If the virus detects the Microsoft .NET runtime, it drops and executes the file cs.exe in the Windows directory. This file infects .EXE files with W32/Sharp-A and creates the file sharp.vbs in the Windows startup folder. This file merely displays a message box with the title "Sharp" and the text

    "You're infected with Win32.HLLP.Sharp, written in C#, by Gigabyte/Metaphase"

    The virus also creates the registry key HKLM/Software/Sharp
    which contains the name of the viral file which was run.


    Read the analysis at
    http://www.sophos.com/virusinfo/analyses/w32sharpa.html
     
Loading...
Thread Status:
Not open for further replies.