Goner is a mass-mailer written in Visual Basic. It appeared on December 4th, 2001. The worm is a PE EXE file about 39 kilobytes long, it is packed wit
The worm spreads using Outlook and, if it is installed on the infected computer, ICQ. It also drops a few scripts into the mIRC client directory. These scripts can be used to flood certain IRC channels.
When the worm's file is run, it shows a dialog box with greetings and some animation to disguise itself. It then shows a message box with a fake error message:
Error While Analyze DirectX!
The worm copies itself as GONE.SCR to the Windows System folder and tries to create its startup key in the Registry. The worm runs as a service process, so its task is not visible in Task Manager.
To spread, the worm connects to the Outlook Address Book, reads the e-mail addresses from it and sends itself to all of them. The infected message looks like this:
Subject: Hi
Body: How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it!
Attachment: Gone.scr
The worm also attempts to send itself through ICQ if it is installed on the infected computer. It uses a standard ICQ component to send out its file. The worm sends a file transfer request to any contact of the infected user who appears to be online (in any mode), and if that person approves the transfer, the worm sends its file to them.
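The message traits listed above (subject, body text and attachment name) can be checked at a mail gateway. The following is an added example, not part of the original description: the function names, the sample message and the quarantine policy are assumptions made for illustration.

```python
import email
from email import policy

# Traits of the infected message as listed in the description above.
SUBJECT, ATTACHMENT = "hi", "gone.scr"
BODY_PHRASE = "when i saw this screen saver"

# Constructed sample message (placeholder payload, not the worm's file).
SAMPLE = (
    b"From: alice@example.com\r\n"
    b"Subject: Hi\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"How are you ?\r\nWhen I saw this screen saver, I immediately\r\n"
    b"thought about you\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="GONE.SCR"\r\n\r\n'
    b"placeholder\r\n"
    b"--b1--\r\n"
)

def goner_indicators(raw: bytes) -> list:
    """Return the sorted names of the Goner message traits found in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = set()
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # File names are compared case-insensitively (Gone.scr, GONE.SCR).
            if name.strip().lower() == ATTACHMENT:
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            # Collapse whitespace so line wrapping cannot hide the phrase.
            text = " ".join(part.get_content().lower().split())
            if BODY_PHRASE in text:
                hits.add("body")
    return sorted(hits)

def should_quarantine(raw: bytes) -> bool:
    """Assumed policy: the attachment alone, or subject plus body, is enough."""
    hits = goner_indicators(raw)
    return "attachment" in hits or {"subject", "body"} <= set(hits)
```

The subject "Hi" on its own is too common to act on, which is why the assumed policy requires it to appear together with the body phrase.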