Ian
Stole All the Forum Stars
Good things come to those who wait ...
Posts: 2907
|
 |
Trile (W32/Trile)
« on: Jun 12th, 2003, 7:19pm » |
 Quote  Modify
|
Here's another to watch out for...
Trile (W32/Trile)
This malicious code has the ability to infect files and also uses social-engineering with the aim of spreading as widely as possible.
Trile reaches computers in an e-mail with highly variable characteristics, as it selects subject names and text etc. from a list of options including:
Subject:
- Your News Alert!!
- New Reading
- Membership Confirmation
- Cows
Text:
- Attached one Gift for u..
- More details attached!
- Hi
- Check the attachment..
Attachment name:
- screensaver
- urfriend
- screensaverforu
- screensaver4u
These attachments always have a double extension, one of which is .bat or .pif and the other could be any of the following: .gif, .mpg, .mp3, .xls, .wav, .dat, .jpg, .htm, .txt, .mdb, .bmp or .doc.
If this file is run, Trile sends itself out to all entries in the Outlook address books. It also creates, if it doesn't already exist, the "C:/My Downloads" folder. In this folder, the worm creates a large number of copies of itself with enticing names like: Civilization 3 Full Downloader.exe, Need For Speed 5 Porsche Unleashed Patch.exe or Star Wars Starfighter ISO - Full Downloader.exe.
Trile also infects .EXE files. Finally, it creates a series of entries in the Windows registry related to the actions that the worm carries out on the infected computer which indicate, for example, how many messages it has sent out.
|
Mischel Internet Security Forum
Reply
Notify of replies
Send Topic
Print
Author
IP Logged
Search
Members
Login
Register