CISSI

Discussion in 'malware problems & news' started by FanJ, Dec 20, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Quotes from today's BOClean update notification:


    WORM DU JOUR: CISSI (mass mailer)

    Arrives with one of the following titles:

    Heres a poem for you
    Ive written a poem for you
    Love poems for you :)
    Look what i wrote for you
    Poems for you

    Comes with attachments:

    LovePoem.pif
    Poem_collection.pif
    Zipped_poems.exe
    My Poems.txt.exe
    Poems.pif
    Sad Stories and Poems.pif
    My Story.pif
    The Poems.pif
    Poems for you.pif
    Only Poems.txt.pif

    Copies existing files with the following extensions to the %SYSTEMDIR%\ST folder
    created by the worm, but does not delete the originals:

    .htt, .rtf, .doc, .xls, .ini, .mdb, .txt, .htm, .html, .wab, .pst, .fdb,
    .cfg, .ldb, .eml, .abc, .ldif, .nab, .adp, .mdw, .mda, .mde, .ade, .sln,
    .dsw, .dsp, .vap, .php, . sp, .shtml

    Startup: shell= line in SYSTEM.INI file
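
As an added illustration (not part of the original post or the BOClean notification), the traits listed above can be turned into two checks: flag attachments with executable or double extensions, and report anything on the `[boot]` `shell=` line of SYSTEM.INI beyond the normal shell. The set of executable extensions, the expected `Explorer.exe` value and the sample file contents are assumptions constructed for the example.

```python
import ntpath

# Extensions Windows runs directly when double-clicked (a common subset, assumed here).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat"}
# Assumption: a stock Windows 9x SYSTEM.INI carries only this shell value.
EXPECTED_SHELL = "explorer.exe"


def attachment_flags(filename):
    """Return reasons an e-mail attachment name looks like a mass-mailer lure."""
    flags = []
    stem, ext = ntpath.splitext(filename.strip().lower())
    if ext in EXECUTABLE_EXTS:
        flags.append("executable extension " + ext)
        # 'My Poems.txt.exe' shows as 'My Poems.txt' when extensions are hidden.
        inner = ntpath.splitext(stem)[1]
        if inner and inner[1:].isalpha():
            flags.append("double extension " + inner + ext)
    return flags


def shell_extras(system_ini_text):
    """Return programs on the [boot] shell= line other than the expected shell."""
    section = ""
    extras = []
    for raw in system_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "boot" and sep and key.strip().lower() == "shell":
            for token in value.split():
                if ntpath.basename(token).lower() != EXPECTED_SHELL:
                    extras.append(token)
    return extras


# Constructed sample: 'dropped_copy.exe' is a placeholder, not the worm's real file name.
SAMPLE_INI = """[boot]
shell=Explorer.exe dropped_copy.exe
[386Enh]
device=*vshare
"""

if __name__ == "__main__":
    print(attachment_flags("My Poems.txt.exe"), shell_extras(SAMPLE_INI))
```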
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Thanks FanJ,

    This one is very active:
    Detected as Win32/Duster.B worm after the last update.

    Yesterday it was CISSI.zip - probably unknown NewHeur_PE virus - deleted   

    Regards,

    Pieter   
     