Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Trend Bulletin

  • 29-12-2001 3:20am
    #1
    GoneShootin
    Closed Accounts Posts: 8,478 ✭✭✭


    WORM_SHOHO.A and WORM_ZOHER.A both use a known vulnerability in Internet
    Explorer-based email clients to execute the file attachment automatically.
    This vulnerability is also known as Automatic Execution of Embedded MIME type.

    WORM_SHOHO.A is destructive as it randomly deletes files in the current directory.
    It propagates by sending itself to all e-mail addresses obtained by connecting to
    SMTP servers. A sample of the email it arrives in is:

    Subject: Welcome to Yahoo! Mail
    Message Body: Welcome to Yahoo! Mail
    Attachment: README.TXT______________.PIF

    Upon execution, WORM_ZOHER connects to a Web site from where it downloads a
    text message. This text message contains the email message and subject used by
    the worm to propagate, which vary. The email message is in MIME format and in it
    is an embedded copy of the worm itself. The worm propagates by sending an email to
    all addresses listed in the Windows Address Book via the default SMTP server.

    For additional information about WORM_SHOHO.A and WORM_ZOHER.A, please visit the
    Trend Micro Virus Information Center at:
    http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_SHOHO.A
    http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOHER.A


Advertisement