W32/Hiton.A@mm 8 March 2004
A new virus named W32/Hiton.A appeared on 2 March 2004. It is a mass-mailing virus, with a size of about 45,036 bytes or 65,028 bytes.
Propagation mechanism: When this virus is run, it does the following:
The subject, body and attachment name are chosen from the lists below:
Subject
o "Darling"
o "Ciao"
o "Ciao TONA"
o "Error"
o "hi"
o "hi TONA"
o "hello"
o "hello TONA"
o "hola"
o "hola TONA"
o "Do not release, its the internal rls!"
o "New Internal Rls..."
o "here’s the archive you requested"
o "Here’s a nice Picture"
o "Pr0n!"
o "here’s the document"
o "here’s the document you requested"
o "Mail Transaction Failed"
o "La Transaction De Courrier A échoué"
o "La Transazione Della Posta + venuto a m"...
o "Mail Delivery System"
o "Returned mail --"
o "Status"
o "Server Report"
o "Undeliverable mail --"
o "read it immediately"
o "something for you"
o "warning"
o "information"
o "information for you, TONA"
o "stolen"
o "leaked"
o "fake"
o "unknown"
o "Hey I thought you trusted me but ..."
o "Hey Wussap?"
o "Another one?"
o "Heyyyyyyyy Lola Wussaaap??"
o "heyyy"
o "heyyy TONA"
o "elegant ppl should satisfy thier taste "...
o "Wait for more :)"
o "Hiiiiiii"
o "Hiiiiiii TONA"
o "Attatchments"
o "gift for you TONA :)"
o "Happy Times :)"
o "Useful"
o "Very funny"
o "hey wuts up TONA?"
o "hey wuts up?"
o "TONA, you have to see this!"
Body :
o “i found this amazing file in my Recycled , i know u love this kind of things ;)ONCRcyaaa”
o “Hummm , i hope u accept this show as an apology.ONCRsave it for hard times”
o “i will be waiting for u emaill to remind me of your self.”
o “I’m fine , thanx for asking :) ONCRand thanx for the nice attachements.ONCRbut unfortunately, i don’t remember you”
o “you seem to be mad @ me coz i didn’t send u anything for along time,ONCRi didn’t forget u , but i was kinda busy , i’ve got all of ur emailsONCRthanx :) and i hope u accept this one as an apology”
o “I’ve got this surprise from a friend :)ONCRit really deserves a few minutes of your time.ONCRNever mind !”
o “i thing the subject is enough to describe the attached file”
o “heyyyy i tried many times to send u this email but ur account was out of storage as i thinkONCRany way , make sure that i didn’t and i won’t forget u :)ONCRCya Forgotte’n :P”
o “I’ve got your email , but you forgot to upload the attachments.ONCRDon’t be selfish , i sent you all the files i have, send me anything :(”
o “i just wanted to say sorry for last nightONCRand .. i wish u accept this as an apologyONCRbye dear”
o “I can’t be online tonight :(anyway , i sent u something u r gonna love ;)ONCRcya tomorrow”
o “i lost FRNA’s Email plzz send this file to her :)ONCRand tell her i can’t be online tonightONCRBye”
o “YO TONA , IM SICK OF UR EMAILS , IF U LOSE IT AGAIN I WONT GIVE IT TO U, SAVE ITONCRBYEEE”
o “I forgot to tell u , the other file is with FRNA:) bye”
o “Heyyyy TONAI lost the other email , anyway i sent u all u needONCRi have just got it , plz tell me if u need more.bye”
o “Here is the FRNA ;) Dont tell Sam abt itONCRCya”
o “Hi TONA its FRNA.ONCRONCRI was shocked, when I found out that it wasn't you but your twin brother,ONCRthat's amazing, you're as like as two peas. No one in bed is better thanONCRyou TONA. I remember, I remember everything very well, that promised youONCRto tell how it was, I'll give you a call today after 9.
He took my skirtONCRoff, then my panties, then my bra, he sucked my t**s, with the same furyONCRyou do it. He was writing alphabet on my pussy for 20 minutes, thenONCRsuddenly stopped, put me in doggy style position and stuck his dagger.ONCRBut TONA, why didn't you warn me that his dick is 15 inches long? I wasONCRstruck, we fucked whole night. I'm so thankful to you, for acquainted meONCRto your brother. I think we can do it on the next Saturday all threeONCRtogether? What do you think? O yes, as you wanted I've made a few picturesONCRcheck them out in archive, I hope they will excite you, and you will dreamONCRof our new meeting...ONCRONCRGreetz FRNA” o “HEY TONA, call FRNA a virus text stealer =)”
Attachments :
o "body"
o "mail"
o "msg"
o "doc"
o "talk"
o "message"
o "creditcard"
o "details"
o "attachment"
o "me"
o "stuff"
o "posting"
o "textfile"
o "concert"
o "information"
o "note"
o "bill"
o "swimmingpool"
o "product"
o "topseller"
o "ps"
o "shower"
o "aboutyou"
o "nomoney"
o "found"
o "story"
o "mails"
o "website"
o "friend"
o "jokes"
o "location"
o "final"
o "release"
o "dinner"
o "ranking"
o "object"
o "mail2"
o "part2"
o "disco"
o "party"
o "misc"
The file extension can be .exe, .pif, .bat, .zip or .scr.
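A mail-gateway check built from the attachment names and extensions listed above, as an added example that is not part of the original advisory. The function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Attachment base names and extensions exactly as listed in the advisory.
HITON_STEMS = set("""
body mail msg doc talk message creditcard details attachment me stuff posting
textfile concert information note bill swimmingpool product topseller ps shower
aboutyou nomoney found story mails website friend jokes location final release
dinner ranking object mail2 part2 disco party misc
""".split())
HITON_EXTS = {".exe", ".pif", ".bat", ".zip", ".scr"}


def matching_attachments(raw_message: bytes) -> list[str]:
    """Return attachment filenames whose base name and extension are both listed."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if not filename:
            continue
        # Drop any client-supplied path and compare case-insensitively.
        name = PurePosixPath(filename.replace("\\", "/").lower())
        if name.stem in HITON_STEMS and name.suffix in HITON_EXTS:
            hits.append(filename)
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message (not a captured sample) with one dummy attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed body text")
    msg.add_attachment(b"dummy bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Server Report", "Details.PIF"), ("Q1 figures", "report.xlsx")]:
        print(fname, "->", matching_attachments(build_sample(subj, fname)))
```

Several of the listed names are generic (for example information.zip), so a match is a reason to quarantine and review the message, not a verdict on its own.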
The virus sends email to every address found in the file %SYSTEM%\wsick.dll.
o ZONEALARM.EXE
o WINMX.EXE
o XOLOX.EXE
o SPHINX.EXE
o OUTLOOK.EXE
o OPERA.EXE
o MSIMN.EXE
o NETSCP6.EXE
o NETSCAPE.EXE
o IEXPLORE.EXE
o KAZAA.EXE
o ICQLITE.EXE
o ICQ.EXE
o EDONKEY.EXE
o EMULE.EXE
o AIM.EXE
Payload: Hiton.A also adds entries to the hosts file at %SYSTEM%\drivers\etc\hosts; these entries attempt to block access to antivirus vendor websites.
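A triage check for the hosts-file change described above, as an added example that is not part of the original advisory. It reports every non-local name pinned to a loopback or unspecified address; the advisory does not list the blocked domains, so the sample content uses placeholder names.

```python
import ipaddress
import sys

# Names that legitimately resolve to loopback in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def sinkholed_names(hosts_text: str) -> list[tuple[str, str]]:
    """Return (hostname, address) pairs that pin a non-local name to a
    loopback or unspecified address, which makes that site unreachable."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, not an entry
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:
            if name.lower() not in LOCAL_NAMES:
                findings.append((name.lower(), str(addr)))
    return findings


# Constructed hosts content; the vendor names are placeholders, since the
# advisory does not list the blocked domains.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example update.av-vendor.example
0.0.0.0         download.other-av.example   # appended entry
192.0.2.10      intranet.example
not-an-ip       broken.example
"""

if __name__ == "__main__":
    # Pass the path of the hosts file to audit; falls back to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for name, addr in sinkholed_names(text):
        print(f"{name} -> {addr}")
```

Deliberate ad-blocking hosts lists produce the same pattern, so compare the findings against a known-good copy of the file before removing entries.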
An infected computer displays the following error message:
[EXPLORER.EXE] Connection Error 66473: Please check your Internet Connection or Firewall. If the Error occurs again you should Contact your ISP.
Note: The latest Norman Virus Control update that recognizes all variants of Bagle, Netsky, MyDoom and Hiton is dated 5 March 2004.
AJT PT. Vaksincom Gedung Rifa lt. 4 Jl. Prof. Dr. Satrio blok C4 / 6-7 Jakarta 12950 Tel: 021-526 0787 Fax: 021-526 -752 Email: info@vaksin.com