|
|
| Nombre: | GrislyBear Hoax |
| Tipo: | HOAX |
| Tamaño: | N/Determinado |
| Origen: | Internet |
| Fecha de Descubrimiento: | |
| Recomendaciones: | Este es una falsa alerta de virus. IGNORE el mensaje y no lo reenvíe a otras personas y eliminelo de su computador. |
Este es una falsa alerta (hoax), los hoaxes frecuentemente
tienen muchas variaciones en circulación, son mensajes similares pero
no identicos.
No reenvie los mensajes a otras personas y eleiminelo de su computador.
Esta falsa alerta advierte de un nuevo y maligno virus que se envia asi mismo via email y que llega en un archivo adjunto llamado 'grislybear.exe'. con el asunto: hilarious john west salmon movie, el falso mensaje que incluye es una "advertencia" similar a la que se muestra lineas abajo:
Caracteristicas del mensaje:
Vunerable - Micrsoft Outlook users.
Areas so far - Australasia, Hong Kong, Turkey, Japan
Risk - High Damage - High
A new virus is doing the rounds and is reported to be spreading rapidly.
The Virus is known as 'grislybear' and according to the trend anti virus site www.antivirus.com originates in Hong Kong. The virus is believed to be a message in support of the Scottish football team Glasgow Rangers who lost the Scottish football competition this year to Glasgow Celtic.
The worrying aspect of the virus is that it at first takes on the appearance of being a movie of the popular John West Salmon advertisement in which a man fights with a bear. This will fool users into thinking that it is harmless and therefore users will doubleclick on the attachment therefore relacing the virus payload. (see below)
The characteristics of the virus are as follows.
It is spread va email as an attachment. The attachement is called grislybear.exe
The email contains the subject 'hilarious john west salmon movie'
The body of the email messages contains the text 'the first john west movie was hilarious! Wait till you see the second - attached - it won't even be on TV for another 2 months'
The attachment is a self contained .exe file called grislybear.exe and when a user runs this it launches a shockwave flash movie that shows an animation on screen of a cartoon bear dressed in a Glasgow Rangers football top. The words '2/13 just not good enough until next year' appear on the movie.
While this movie is playing the program will access the users Outlook address book and send a copy of itself to all contacts listed in the address book. More worryingly, the .exe overwrites the winsock.dll and wsock32.dll on users PC's and each time these files are used by windows, mutliple copies are created of the files and they are placed at random throughout the PC. This has the potential to cause PC communication problems as most internet programs use these files and only expect to find 1 or 2 on the computer.
The main problems caused by the virus are the corruption of winsock and wsock32 files as explained above and also the potential clogging of company email systems.
Company network and IY administrators and urged to block all attachments with the word 'grisly' or 'bear' in them. All home Pc users are advised to ensure that their pc is up to date with the latest virus software.
Derechos reservados 1992/2002 HackSoft S.R.L. Lima-Perú