Esta página es un servicio gratuito de Video Soft BBS - SUBSCRIBASE en nuestras listas de correo.

Busque su tema:

VSantivirus  Internet
Proporcionado por FreeFind

Video Soft BBS
Menú Principal
Anti Trojans
Antivirus
Hoaxes
Subscripciones
Otro software
Artículos
Links
Sugerencias
Sobre el BBS
Direcciones
Galería
Chat

Controlado desde el
19/10/97 por NedStat
W32/Gruel.H. Se propaga como falsa noticia de la CNN
 
VSantivirus No. 1108 Año 7, Domingo 20 de julio de 2003

 W32/Gruel.H. Se propaga como falsa noticia de la CNN
http://www.vsantivirus.com/gruel-h.htm

Nombre: W32/Gruel.H
Tipo: Gusano de Internet
Alias: W32/Gruel-H, W32/Fakerr.h@MM, W32.Gruel.h@MM, W32.Gruel@mm, Win32.Gruel, Win32/Gruel.D, WORM_GRUEL.H, W32/GenericP2P.worm, W32/Gruel.F, Gruel.F
Plataforma: Windows 32-bit
Tamaño: 102,400 bytes
Fecha: 19/jul/03

Esta versión del gusano, fue enviada en forma de SPAM por el autor, a través del correo electrónico, disfrazada como una noticia urgente de la CNN en un mensaje como el siguiente:

De: CNN.com sci-tech@cnn.com
Asunto: WORST EVER VIRUS (CNN announced)
Datos adjuntos: Protect_Remove_Tool.exe

Texto:

PLEASE SEND THIS TO EVERYONE ON YOUR
CONTACT LIST !!
Download now this tool to protect your Computer now.
A new virus has just been discovered that has been
classified by Microsoft as the most destructive ever!
This virus was discovered yesterday afternoon by
McAfee. This virus simply destroys Sector Zero from
the hard disk, where information for its functioning
are stored. This virus acts in the following manner:
It sends itself automatically to all contacts on your
list with the title "A Virtual Card for You." As soon
as the supposed virtual card is opened, the computer
freezes so that the user has to reboot.
When the ctrl+alt+del keys or the reset button are
pressed, the virus destroys Sector Zero, thus
permanently destroying the hard disk.

Yesterday in just a few hours this virus caused panic
in New York, according to news broadcast by CNN.
This alert was received by an employee of Microsoft
itself. So don't open any mails with subject: "A
Virtual Card for You." As soon as you get the mail,
delete it. Please pass this mail to all of your
friends.
Forward this to everyone in your address book.
I would rather receive this 25 times than not at all.
Also: Intel announced that a new and very destructive
virus was discovered recently.
If you receive an email called "An Internet Flower
For You," do not open it. Delete it right away! This
virus removes all dynamic link libraries (.dll files)
from your computer. Your computer will not be able to
boot up!!

CNN.com

Al ejecutarse, se propaga en la misma forma que el Gruel.A, a través del siguiente mensaje:

Asunto: Symantec: New serious virus found
Datos adjuntos: [Uno de los siguientes]

Rundll32.exe
Protect_Remove_Tool.exe

Texto:

Norton Security Response: has detected a new virus
in the Internet. For this reason we made this tool
attachement, to protect your computer from this
serious virus. Due to the number of submissions
received from customers, Symantec Security Response
has upgraded this threat to a Category 5 (Maximum ).


Más información:

W32/Gruel.A. Falsos mensajes de Microsoft y Symantec
http://www.vsantivirus.com/gruel-a.htm


Actualizaciones:

22/jul/03 - Se modifcó descripción



(c) Video Soft - http://www.videosoft.net.uy
(c) VSAntivirus - http://www.vsantivirus.com

 

Copyright 1996-2003 Video Soft BBS