Windows 7 Forums


Windows 7: Emerging Malware Issue: Visal.B


10 Sep 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Emerging Malware Issue: Visal.B

Quote:

Worm:Win32/Visal.B is a new worm, written in Visual Basic, that is currently propagating in part using social-engineering. We strongly encourage customers to be cautious about clicking suspicious or even simply unexpected links in email, even if it’s sent by someone you know. Getting infected by Visal.B is an example of what happens if you aren’t careful.


The threat has a timestamp of 9/3/2010 and spreads using two techniques: mass emailing, and copying itself to local drives (C: and H:) and network shares. The threat will copy itself to various drives on the local system along with an autorun.inf file, and will also send itself to all contacts that it can find on the compromised system via email.


Visal.B uses MAPI to perform a mass mailing to all contacts that it finds on the compromised system. In a corporate environment the “address book” may be extensive. As more machines on a corporate network are infected, more and more email is sent around on the local network, which can cause mail server performance degradation. The threat also sends back information about the compromised system, specifically IP addresses and system information via a built-in SMTP/ESMTP (mail-transfer) engine.
More -
Emerging Malware Issue: Visal.B - Microsoft Malware Protection Center - Site Home - TechNet Blogs


10 Sep 2010   #2

Windows 7 Ultimate 32 bit
 
 

Thank you for the heads up.
11 Sep 2010   #3
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Update on the "Here you have" worm (Visal.B)

Quote:
We have some updated information for you regarding Worm:Win32/Visal.B, known as the "Here you have" worm (with a SHA1, a unique identifier for the threat, of 0x0BA8387FAAF158379712F453A16596D2D1C9CFDC) that we also blogged about yesterday.

First, let us remind you of the two methods originally used by the worm to spread itself: It mass-emailed a link that pointed to malware, and it copies itself to local drives and network shares. The mass mailer takes advantage not only of local address lists in Outlook address book, but it also gathers Yahoo Messenger contacts by parsing files in the user’s %root%\Program Files\Yahoo!\Messenger\Profiles directory. Although it’s known for the "Here you have" subject, it can also use two others (“Just for you” and “Hi”). Details on the contents of the message are in our encyclopedia entry for Worm:Win32/Visal.B.

In any case, after the worm was discovered, the URL was rendered unreachable. Therefore, although the malware can still send spam, the malicious links are inactive, preventing the worm from spreading further using the spam vector. Although mailboxes can continue to fill up due to unprotected machines executing the malware, those emails will no longer be able to find any malware at the target URL.
More -
Microsoft Malware Protection Center
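
A defensive check for the drive-copy behaviour described in this thread, as an added example that is not part of the original posts or of Microsoft's write-up: it reads the `autorun.inf` in a drive root, hashes each program that file would launch, and compares the result with the SHA1 quoted above. The function names and the set of `autorun.inf` keys it parses are assumptions of this example.

```python
import hashlib
import re
from pathlib import Path

# SHA-1 quoted in the Microsoft update above, with the leading "0x" dropped.
VISAL_B_SHA1 = "0ba8387faaf158379712f453a16596d2d1c9cfdc"

# autorun.inf keys whose value is a command line to launch (assumed set).
LAUNCH_KEY = re.compile(
    r"^\s*(?:open|shellexecute|shell\\[^=]+\\command)\s*=\s*(\S.*)$", re.I)

def sha1_of(path):
    """Stream the file so large binaries are not loaded into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def launch_targets(inf_path):
    """Program paths (relative to the drive root) named by an autorun.inf."""
    raw = Path(inf_path).read_bytes()
    # The file may be saved as UTF-16 with a byte-order mark.
    text = raw.decode("utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1")
    targets = []
    for line in text.splitlines():
        m = LAUNCH_KEY.match(line)
        if not m:
            continue
        cmd = m.group(1).strip()
        # The first token is the program; it may be quoted and followed by arguments.
        prog = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        targets.append(prog.replace("\\", "/").lstrip("/"))
    return targets

def scan_root(root, known_sha1=frozenset({VISAL_B_SHA1})):
    """Return (file name, sha1, is_known_bad) for each program autorun.inf would start."""
    root = Path(root)
    findings = []
    for inf in root.iterdir():
        if inf.name.lower() != "autorun.inf" or not inf.is_file():
            continue
        for rel in launch_targets(inf):
            target = root / rel
            if target.is_file():
                h = sha1_of(target)
                findings.append((target.name, h, h in known_sha1))
    return findings
```

Call `scan_root` once per drive root or mounted share, for example `scan_root("H:\\")`. Any entry it returns is worth a look even when the hash does not match, since the worm's copy is dropped alongside an `autorun.inf`.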


11 Sep 2010   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 
