VIRUS ALERT - 9-11 virus (W32/Chet@mm) reported!

Discussion in 'malware problems & news' started by Technodrome, Sep 10, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Command Software Systems, Inc.

    Name: W32/Chet@mm
    Aliases: Chet, W32/Chet@MM
    Type: Internet Worm
    Discovery Date: September 10, 2002

    Description:

    W32/Chet@mm is a internet worm that arrives as an email with an attachment
    entitled "11September.exe". More details about this worm are pending.

    more: http://www.commandsoftware.com


    Technodrome
     
  2. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    What very sick malware :(
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Helsinki, Finland September 11th

    F-Secure Corporation informs that it has received copies of a new Windows e-mail worm called "Chet". This worm is themed around the September 11th terrorist attacks.

    This worm was found on September 10th, 2002. As it contains serious bugs, the Chet worm will fail to function on most systems and can not be considered to be a major threat at this time. This advisory is published to prevent
    unnecessary hysteria on this worm.

    The Chet worm tries to spread via an attachment file called 11september.exe.
    When this file is executed, the worm will attempt to send an e-mail to each address found from the Windows address book. The e-mail would always have "mail(at)world.com" as the sender and "All people!!" as the subject.

    The e-mail tries to explain that the attached "11september.exe" file contains proof of a conspiracy between US government and Al-Qaeda. However, if user executes the file, nothing visible happens while the worm tries to send itself to every e-mail address listed in the computers address book. This worm has apparently been written in Russia.

    "This seems to be a poor attempt from a wannabe virus writer to exploit the commemoration of September 11th", comments Mikko Hypponen, Manager of Anti-Virus Research at F-Secure. "However, as the worm seems to crash
    regularily, it won't go far".

    Detailed description of the worm is available at:
    http://www.f-secure.com/v-descs/chet.shtml
     
  4. FanJ

    FanJ Guest

    W32/Chet-A

    Name: W32/Chet-A
    Type: Win32 worm
    Date: 11 September 2002

    Aliases:

    W32.Chet@mm, W32/Chet@MM, WORM_CHET.A, W32/Anniv911.A-mm



    At the time of writing Sophos has received no reports from users
    affected by this worm. However, we have issued this advisory
    following enquiries to our support department from customers.

    Description:

    W32/Chet-A is an email worm which spreads via Microsoft Outlook Express. The worm moves itself to the Windows system folder as SYNCHOST1.EXE and creates the following registry entry to run itself on system restart:

    HKCR\Software\Microsoft\Windows\CurrentVersion\Run\ICQ1 =
    "C:\<Windows>\<system>\SYNCHOST1.EXE"

    Emails arrive with the following characteristics:

    Subject line: All people!!
    Message text:
    Dear ladies and gentlemen!

    The given letter does not contain viruses, and is not Spam. We ask you to be in earnest to this letter. As you know America and England have begun bombardment of Iraq, cause of its threat for all the world. It isn't the truth. The real reason is in money laundering and also to cover up traces after acts of terrorism September, 11, 2001. Are real proofs of connection between Bush and Al-Qaeda necessary for you? Please! There is a friendly dialogue between Bin Laden and the secretary of a state security of USA in the given photos. In the following photo you'll see, how FBI discusses how to strike over New York to lose people as much as possible. And the document representing the super confidential agreement between CIA and Al-Qaeda is submitted to your attention. All this circus was specially played to powder brains!! You'll find out the truth. Naked truth, instead of TV showed.

    For your convenience, and to make letter less, all documentary materials (photos and MS Word documents) are located in one EXE file. Open it, and all materials will be installed on your computer. You will receive the freshest and classified documents automatically from our site. It isn't a virus! You can trust us absolutely. We hope, that it will open your eyes on many things occurring in this world.



    More information about W32/Chet-A can be found at
    http://www.sophos.com/virusinfo/analyses/w32cheta.html

    Note from FanJ:
    Sophos has also posted a picture at that site.
     
Loading...
Thread Status:
Not open for further replies.