Nasty virus Winevar insults infected users
Print storyWhat a foolish thing you've done!
Posted in Security, 28th November 2002 10:29 GMT
Free whitepaper – Vulnerability management buyer's checklist
Winevar-A, the latest mass mailing virus, adds insult to injury for infected victims.
As well as attempting to delete files and sending repeating HTTP requests to Symantec's Web site (an unsophisticated DDoS ploy), Winevar also displays a rude message.
The virus normally arrives by email with an infected attachment. If Windows PC users click on the attachment, the virus gets to work screwing up systems.
Winevar-A is a dropper for the W32/Flcss virus and a worm which spreads by emailing itself via SMTP to addresses on the local computer. It also tries to terminate AV and security programs running on a machine.
And there's more.
On system restart Winevar-A displays the message "Make a fool of oneself: What a foolish thing you've done!".
If users press the OK button the worm deletes all deletable files in all folders.
AV vendors have mostly updated their definition files to detect the Winevar, which has not spread widely - yet. Here is AV vendor Sophos's description of the virus. ®
The business case for application security
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Server-gated cryptography
Airport insecurity: the case of lost laptops
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive