News Spacer Products Spacer Service Spacer Virus Center Spacer Contact Spacer Downloads Spacer Search

LogoGlobeAntiVirus Software
virus alerts

W32.Blebla Worm

  • Download the latest version of Command AntiVirus

  • Get the latest virus definition files

  • Buy Command AntiVirus online


    • Name: W32.Blebla
    Aliases: Romeo and Juliet, W32/Verona, I-Worm.Blebla, Troj Blebla.A
    Type: Internet Worm
    Discovery Date: November 15, 2000

    Description:

    This worm, which originated in Poland, is sent as an email with an HTML format and two attachment files named MyJuliet.chm and MyRomeo.exe. The subject line of the email is arbitrarily selected from the following list:

    Romeo&Juliet;
    :))))))
    hello world
    !!??!?!?
    subject
    ble bla, bee
    I Love You ;)
    sorry�
    Hey you !
    Matrix has you�
    my picture
    from shake-beer

    The email will seem to be blank when received, and will not appear to have any attachments. When the infected email is opened, the HTML component will save the two attachments to the Windows\Temp folder. A script program will be activated from this location, opening the file MyJuliet.chm, which in turn will execute the MyRomeo.exe file. At this point, MyRomeo.exe will open the Windows Address Book and begin to send out HTML messages with CHM and EXE file attachments to the email address listed therein. The worm will attempt to use one of six mail servers located in Poland to accomplish this.


    File Size:

    The MyRomeo.exe (Windows PE executable) is approximately 30KB, packed by UPX compression utility. The packed file is 29184 bytes, and is written in Borland Delphi.


    Detection:

    Command AntiVirus version 4.59.0 or higher with definition files dated 11/20/2000 or later will identify both parts as "is a security risk or a "backdoor" program".


    Patch Information:

    Patches are available on the Microsoft website for "IFRAME ExecCommand" Vulnerability, which is exploited by the Blebla virus. Click the following link for more information and to download the patches:

    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

    HomePurchase CenterVirus CenterSupport Center
    Quick Links
    BUY NOW
    PRODUCT INFO
    SOFTWARE UPDATES
    LATEST DEFFILES


    This Section
    Product Information
    Product Literature
    Tutorials
    Documentation
       - Manuals
       - Readmes
       - Quick Start Guide
       - Viewing Utilities
    Test Drives
    How to Buy
    Contact Us
    Latest DEF Files
    Latest Version
    Latest Patches

    Awards





    Home Page