filmov
tv
Viral Rewind: Virus.Win32.Bacros
Показать описание
-----------------------------------------------------------
. This Viral Rewind is a bit longer since this virus works differently between Windows NT and Windows 9x operating systems. So strap in!
Bacros is a 32-bit virus with multiple payloads that behaves slightly different on NT vs 9x systems. It even drops a Microsoft Word macro virus alongside the other malicious things it does. Bacros looks like a standard text document from its icon and even opens a text document with Bacros (or something different depending on the filename). But don't be fooled; it's in actuality an application .EXE file however if you don't disable "hide file extensions" you won't notice this. When run, Bacros drops several files:
Payloads (controlled by date):
1st of any month (NT only): Bacros searches out all .gif image files on the machine and overwrites them with "KUOLE JEHOVA"
2nd of any month: Bacros searches out all .txt text files and creates a companion file of the virus with the same name as the text file. Then it hides the original text file and links it to the Bacros companion executable.
December 6th: Bacros replaces the desktop background with that of the Finnish flag as the date corresponds to Finland's Independence Day.
December 25th: Bacros deletes all personal files and the majority of system files thus requiring either restoring from backups or a fresh system installation.
-------------------------
. This Viral Rewind is a bit longer since this virus works differently between Windows NT and Windows 9x operating systems. So strap in!
Bacros is a 32-bit virus with multiple payloads that behaves slightly different on NT vs 9x systems. It even drops a Microsoft Word macro virus alongside the other malicious things it does. Bacros looks like a standard text document from its icon and even opens a text document with Bacros (or something different depending on the filename). But don't be fooled; it's in actuality an application .EXE file however if you don't disable "hide file extensions" you won't notice this. When run, Bacros drops several files:
Payloads (controlled by date):
1st of any month (NT only): Bacros searches out all .gif image files on the machine and overwrites them with "KUOLE JEHOVA"
2nd of any month: Bacros searches out all .txt text files and creates a companion file of the virus with the same name as the text file. Then it hides the original text file and links it to the Bacros companion executable.
December 6th: Bacros replaces the desktop background with that of the Finnish flag as the date corresponds to Finland's Independence Day.
December 25th: Bacros deletes all personal files and the majority of system files thus requiring either restoring from backups or a fresh system installation.
-------------------------
0:27:11
Viral Rewind: Virus.Win32.Bacros
0:05:21
Viral Rewind: Virus.Win32.Halen
0:08:43
Virus.Win32.Bacros
0:06:40
Virus.Win32.Bacros
0:16:08
Viral Rewind: Macro.Word/Excel.Tamago
0:06:44
Viral Rewind: Virus.Win9x.Lovesong
0:10:20
Viral Rewind: Macro.MSWord.Appder
0:13:44
Viral Rewind: Email-Worm.Win32.Gruel
0:01:34
Virus.Win32.PulseKeys
0:03:37
Virus.Win32.Tirtas
0:00:10
we are in de studio cooking.
0:01:16
Virus.Win32.Rigel.6468
0:04:20
Virus.Win32.Blueballs
0:03:13
Viral Rewind: Macro.Excel.Button
0:09:40
Email-Worm.Win32.Parrot
0:05:01
Virus.Win9x.Dado (Reupload)
0:03:13
Trojan.Win32.B17Bomber
0:04:27
Virus.MSOffice.Cybernet
0:03:33
Virus.Win9x.Spaces
0:01:21
Virus.DOS.RTL
0:06:30
Email-Worm.VBS.Dumb
0:03:45
Opaserv Exploit Demo
0:01:21
Virus.Win9x.Youd
0:03:31
Net-Worm.Win32.Opaserv
Комментарии