Click To Enlarge
GREENWICH PUBLIC SCHOOL COMPUTER'S ARE INFECTED
"Virus found: W97M/Marker"
ALL GREENWICH REPORTERS AND EDITORS HAD BETTER THINK TWICE BEFORE OPENING THOSE GREENWICH PUBLIC SCHOOL ATTACHMENTS IN THE EMAILED PRESS RELEASE
W97M/Marker Virus
Information about W97M/Marker virus:
W97M/Marker (also known as HSFX) is a Word macro virus that collects user information from Word and uses FTP to send it over the internet. The virus is similar to W97M/Caligula. Like Caligula, it sends the data over to codebreakers.org. It also has some similarities to WM/Ethan.
W97M/Marker is polymorphic. The polymorphism consists of adding a log at the end of the virus body for every infected user. This log contains information for system time, date, users name and address.
The virus contains an infection marker in the beginning of its code:
"<- This is a Marker"
W97M/Marker.A saves its in a file called c:\netldv.vxd. To infect documents the virus export its code from global template to this file and after that deletes the file, so the user can't find it.
W97M/Marker.O
W97M/Marker.O
W97M/Marker-O is a modified variant of W97M/Marker virus. It is a Polymorphic Word macro virus. The polymorphism consists of adding a log at the end of the virus body for every infected user. This log contains information for system time, date, users name and address.
The virus contains an infection marker in the beginning of its code ":-D you are Marked!". The original W97M/Marker will contain the string "<- This is a Marker". It uses this string to find whether the file is infected or not. If the file is already infected, it will not infect the same file again.
ARE HACKERS STEALING SENSITIVE GREENWICH BOARD OF EDUCATION DATA AS WE SPEAK. TEACHERS AND PARENTS MIGHT WANT TO CHECK THIER CREDIT REPORTS
==========================================================
Please send your comments to GreenwichRoundup@gmail.com or click on the comments link to Continue.
No comments:
Post a Comment