The latest installment of the
Outlook Virus of the Month club,
W32/Goner@MM bears an uncanny
resemblance to
SirCam:
Subject: Hi
How are you ?
When I saw this screen saver, I immediately thought about you I
am in a harry(sic), I promise you will love it!
Attachment: GONE.SCR
Should you be so unlucky as to install and run the
screen saver, you'll get some
31337 greetz:
pentagone
coded by: suid
tested by: ThE_SKuLL and |satan|
greetings to: TraceWar,k9-unit,stef16,^Reno.
greetings also to nonick2 out there
wherever you are.
and some fake DirectX error message.
- The initial payload of this virus specifically targets anti-virus scanners and personal firewall software, by killing the running application, then deleting their files.
- It tries to IM itself via ICQ and mail itself via Outlook to spread.
- Finally, it modifies the mIRC .ini files to install a DDoS zombie.
Why this virus is really, really bad:
Because it effectively blows away antivirus and firewall protections, it leaves the system open to further trojan or virus, and the user doesn't realize that he's left unprotected.
(
definition) by
Stavr0 1913 (
print)
goner \'gon-*r\ n: one whose outlook is hopeless.