CISSI

Discussion in 'malware problems & news' started by FanJ, Dec 20, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Quotes from today's BOClean update notification:


    WORM DU JOUR: CISSI (mass mailer)

    Arrives with one of the following titles:

    Heres a poem for you
    Ive written a poem for you
    Love poems for you :)
    Look what i wrote for you
    Poems for you

    Comes with attachments:

    LovePoem.pif
    Poem_collection.pif
    Zipped_poems.exe
    My Poems.txt.exe
    Poems.pif
    Sad Stories and Poems.pif
    My Story.pif
    The Poems.pif
    Poems for you.pif
    Only Poems.txt.pif

    copies existing files of the following extensions to %SYSTEMDIR%\ST folder
    created by the worm, but does not delete the originals:

    .htt, .rtf, .doc, .xls, .ini, .mdb, .txt, .htm, .html, .wab, .pst, .fdb,
    .cfg, .ldb, .eml, .abc, .ldif, .nab, .adp, .mdw, .mda, .mde, .ade, .sln,
    .dsw, .dsp, .vap, .php, . sp, .shtml

    Startup: shell= line in SYSTEM.INI file
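
The indicators in the notification above (executable attachments, some hidden behind a `.txt` inner extension, and a changed `shell=` line in SYSTEM.INI) written as two checks in Python. This is an added example, not part of the thread or of BOClean; the function names, the extensions beyond `.pif`/`.exe`, the `Explorer.exe` baseline and all sample data are assumptions constructed here.

```python
import os
import re
from email import message_from_string
from email.message import EmailMessage

# .pif and .exe come from the notification; the others are added here (assumption).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat"}

def risky_attachments(raw_message):
    """Return (filename, reason) for attachments whose final extension is executable."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue
        stem, ext = os.path.splitext(name.lower())
        if ext not in EXECUTABLE_EXTS:
            continue
        # "My Poems.txt.exe": a document-like inner extension disguises the real one.
        inner = re.search(r"\.[a-z0-9]{2,4}$", stem)
        findings.append((name, "double extension" if inner else "executable"))
    return findings

def shell_override(system_ini_text, expected="explorer.exe"):
    """Return the [boot] shell= value if it differs from the expected shell, else None."""
    section = ""
    for line in system_ini_text.splitlines():
        line = line.strip()
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")].strip().lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot" and key.strip().lower() == "shell":
            value = value.strip()
            return None if value.lower() == expected else value
    return None

def build_sample():
    """Constructed test message: two worm-style attachment names and one harmless file."""
    msg = EmailMessage()
    msg["Subject"] = "Poems for you"
    msg.set_content("hello")
    for name in ("My Poems.txt.exe", "Poems.pif", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

# Constructed SYSTEM.INI fragment; placeholder.exe stands in for an unknown extra entry.
SAMPLE_INI = "[boot]\nshell=Explorer.exe placeholder.exe\n[386Enh]\ndevice=*vmm\n"

if __name__ == "__main__":
    print(risky_attachments(build_sample()), shell_override(SAMPLE_INI))
```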
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Thanks FanJ,

    This one is very active:
    Detected as Win32/Duster.B worm after the last update.

    Yesterday it was CISSI.zip - probably unknown NewHeur_PE virus - deleted   

    Regards,

    Pieter   
     