|
SpamChoke Antispam
Software
|
W32/Zhelatin.HS Worm
 Information
about the W32/Zhelatin.HS Worm:
W32/Zhelatin.HS is a Worm. The Worm will infect
Windows systems and spreads through email.
The subject of the infected mail will be any one of the following;
Dude your gonna get caught, lol
Dude, what yew your wife finds this?
HAHAHAHAHAHA, man your insane!
how did you get that one film, man?
I cant belive you did this
are you kidding me? lol
Dude of which send that stuff to my home email?
LMAO, your crazy man
man, who filmed this thing?
oh man your nutz
LOL, dude what are you doing
LOL, that is cool too .....
ROTFLMAO, who is that your with? C
where did you hide that camera?
sheesh man, what are you thinkin
this is too crazy, goal she is hot
where did you hook up with that?
Who is that your with? lol
Where did you take that?
The body of the infected mail will be any one of the following;
Dude I know thats you, someone emailed me has link to the video. see for yourself? http://www.youtube.com/watch?v=[random 11 characters]
This is not good. Yew this video gets to her husband your both dead. check it out yourself http://www.youtube.com/watch?v=[random 11 characters]
If your mom sees this she this video of you she is gonna freak. here is where I found it? http://www.youtube.com/watch?v=[random 11 characters]
OMG, what are you doing man. This video of you is all over the Net. go look at it? http://www.youtube.com/watch?v=[random 11 characters]
What are you thinking? yew stalemate sees this your divorced dude. : - {) young stag is the link I got http://www.youtube.com/watch?v=[random 11 characters]
LMAO, I cant believe you could this video online. Everyone edge see your face there. LOL check it out yourself http://www.youtube.com/watch?v=[random 11 characters]
Man you cuts got to tell me where you picked her up. I saw this one the Web, it has to be you. see for yourself? http://www.youtube.com/watch?v=[random 11 characters]
Yew your dad see this video you made, He is gonna kill you. take has look, lol? http://www.youtube.com/watch?v=[random 11 characters]
You edge see your face right in the video. its all over the Web dude. this is the link to it. http://www.youtube.com/watch?v=[random 11 characters]
Yew your mom sees this she this video of you she is gonna freak. check it out yourself http://www.youtube.com/watch?v=[random 11 characters]
You need to take this offline, it is in everyones email. : - (go look At it? http://www.youtube.com/watch?v=[random 11 characters]
Once the hyper link mentioned in the mail is clicked it will be redirected to any one of the following IP addresses:
http://68.[removed].208/
http://68.[removed].77/
http://81.[removed].245/
http://209.[removed].241/
http://71.[removed].128/
http://89.[removed].219/
The said IP address contains a webpage which looks like a famous website YouTube.
This webpage contains a link to the copy of this worm.
Upon execution, the worm copies itself as spooldr.exe in Windows folder.
It also drops spooldr.sys in Windows System folder.
It also tries to terminate some of the security related processes.
After this using its own SMTP engine, the worm mails itself to all email addresses found in files with .DHTML and .SHTM extensions.
This Worm first appeared on Aug 27, 2007.
Other
names of W32/Zhelatin.HS Worm:
This Worm is also known as Email-Worm.Win32.Zhelatin.hs, WORM/Zhelatin.Gen, Trojan.Packed.13, Tibs-Packed, WORM_ZHELATI.MAB.
|
