|
W32.Blebla Worm
Download the latest version of Command AntiVirus
Get the latest virus definition files
Buy Command AntiVirus online
Name: W32.Blebla
Aliases: Romeo and Juliet, W32/Verona, I-Worm.Blebla, Troj Blebla.A
Type: Internet Worm
Discovery Date: November 15, 2000
Description:
This worm, which originated in Poland, is sent as an email with an HTML format and two attachment files named MyJuliet.chm and MyRomeo.exe. The subject line of the email is arbitrarily selected from the following list:
Romeo&Juliet;
:))))))
hello world
!!??!?!?
subject
ble bla, bee
I Love You ;)
sorry�
Hey you !
Matrix has you�
my picture
from shake-beer
The email will seem to be blank when received, and will not appear to have any attachments. When the infected email is opened, the HTML component will save the two attachments to the Windows\Temp folder. A script program will be activated from this location, opening the file MyJuliet.chm, which in turn will execute the MyRomeo.exe file. At this point, MyRomeo.exe will open the Windows Address Book and begin to send out HTML messages with CHM and EXE file attachments to the email address listed therein. The worm will attempt to use one of six mail servers located in Poland to accomplish this.
File Size:
The MyRomeo.exe (Windows PE executable) is approximately 30KB, packed by UPX compression utility. The packed file is 29184 bytes, and is written in Borland Delphi.
Detection:
Command AntiVirus version 4.59.0 or higher with definition files dated 11/20/2000 or later will identify both parts as "is a security risk or a "backdoor" program".
Patch Information:
Patches are available on the Microsoft website for "IFRAME ExecCommand" Vulnerability, which is exploited by the Blebla virus.
Click the following link for more information and to download the patches:
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Home � Purchase Center � Virus Center � Support Center
|
|
|