1/12: Buchon-C a Mass-Mailing Worm

January 12, 2005
W32/Buchon.c@MM is a mass-mailing worm. It bears the following characteristics:

  • contains its own SMTP engine to construct outgoing messages
  • harvests target email addresses from the victim machine
  • spoofs the From: address
  • drops a trojan (keylogging and proxy) to the victim machine

    The worm harvests target email addresses from files on the victim machine with the following extensions:

  • .dbx
  • .wab
  • .mbx
  • .eml
  • .mdb
  • .tbb
  • .txt
  • .html
  • .htm
  • .doc
  • .rtf
  • .cgi
  • .php
  • .asp
  • .inbox
  • .dat

    Outgoing messages are constructed as follows:

    From: Spoofed
    Subject: Mail Delivery failure - (insert target email address)
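
A mail-filter check for the message template above, as an added example that is not part of the original advisory: it flags a message when the Subject follows the template and the address embedded in it is also one of the message's own recipients. The recipient comparison, the function names and the sample messages (example.com addresses) are assumptions constructed for illustration.

```python
import email
import re
from email.utils import getaddresses

# Subject template from the advisory: "Mail Delivery failure - <target address>".
# Matching is case-insensitive and tolerates optional parentheses (assumption).
SUBJECT_RE = re.compile(
    r"^\s*Mail Delivery failure - \(?([^\s()<>]+@[^\s()<>]+)\)?\s*$",
    re.IGNORECASE,
)

def matches_buchon_template(raw_message: str) -> bool:
    """Flag a message whose Subject follows the template and embeds one of
    the message's own recipients (assumed heuristic, not a vendor signature)."""
    msg = email.message_from_string(raw_message)
    m = SUBJECT_RE.match(msg.get("Subject", ""))
    if not m:
        return False
    embedded = m.group(1).lower()
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers)}
    return embedded in recipients

# Constructed sample messages (not captured traffic).
SAMPLES = {
    "template_hit": (
        "From: postmaster@example.net\n"
        "To: Alice <alice@example.com>\n"
        "Subject: Mail Delivery failure - alice@example.com\n\n"
        "body\n"
    ),
    "ordinary_bounce": (
        "From: MAILER-DAEMON@example.org\n"
        "To: alice@example.com\n"
        "Subject: Undelivered Mail Returned to Sender\n\n"
        "body\n"
    ),
    "other_recipient": (
        "From: postmaster@example.net\n"
        "To: bob@example.com\n"
        "Subject: Mail Delivery failure - alice@example.com\n\n"
        "body\n"
    ),
}

def flagged(samples: dict) -> list:
    """Names of the samples that match the template heuristic."""
    return sorted(n for n, raw in samples.items() if matches_buchon_template(raw))

if __name__ == "__main__":
    print(flagged(SAMPLES))
```

Because the From: address is spoofed, the check deliberately ignores the sender and keys only on the subject and recipient headers.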

    More information can be found on the McAfee page.
