MSMVPS.COM

The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.

Sign in | Help

Security Manifest » Kelvir.B Worm - Developing Minor MSN Messenger Outbreak

Kelvir.B Worm - Developing Minor MSN Messenger Outbreak

Security Manifest

Home
Contact

Syndication

Recent Posts

Tags

Write-Ups

Security Blogs

Miscellaneous Blogs

Security Sites

Archives

Kelvir.B (Kelvir.A at Symantec) is an MSN Messenger worm that appeared yesterday, has now been characterized by Symantec as spreading in the field. The worm arrives as a link to the file cute.pif on a web site on the home.att.net domain. It also downloads a variant of W32/SDBot, a backdoor and open share worm, as patch.exe from a web site on the home.comcast.net domain.

Details
Kelvir.B was discovered on March 6, 2005, with details first published shortly after midnight GMT. So far, details are limited, other than that at this time it appears that the targeted web sites are still up (I am unable to verify this as no description that includes the URL uncensored has yet been published).

So far it is unknown how quickly Kelvir.B is spreading, but Symantec's characterization of the worm as Medium on their Wild scale and their publishing of a temporary description while they were investigating the threat suggests that it may be spreading somewhat quickly in the MSN Messenger community.

The format for messages is “omg this is funny! (Link to worm)“.

Protection
Updated detections for most antivirus programs should appear within the next 24 hours or so. It is unlikely emergency detection will be published, as the worm reminds a Low risk threat on all descriptions at this time. In the meantime, MSN Messenger users should exercise common sense and not open any executable file format that is sent to them randomly, including .pif, which this worm uses.

Infected users should wait for detection files and/or more detailed information and removal information to be published before attempting to remove the worm. Until then, infected users should avoid connecting to the Internet or any open network.

Links
Secunia - Compiles latest descriptions and links.
Sophos - Basic description with some details. No removal instructions. “More detailed information to follow shortly.“
McAfee - Basic description with some details. No removal instructions.
Symantec - Very basic description with no details. No removal instructions. “More information [will be posted] as it becomes available.” Refers to worm as “Kelvir.A.”

Posted Mar 06 2005, 05:49 PM by trafton

Filed under: VIRUSES, SECURITY, Viruses (Medium)

Comments

trafton wrote buy hydrocodone

on 03-30-2005 17:43

http://hydrocodone.net2.ro/index.html http://hydrocodone.net2.ro/buyhydrocodone.html http://hydrocodone.net2.ro/buy_hydrocodone_online_.html http://hydrocodone.net2.ro/buy_cheap_hydrocodone_online.html http://hydrocodone.net2.ro/buy_hydrocodone_online.html http://hydrocodone.net2.ro/buy_hydrocodone_online_with_no_prescription.html http://hydrocodone.net2.ro/hydrocodone-buy-.html http://hydrocodone.net2.ro/buy_cheap_hydrocodone.html http://hydrocodone.net2.ro/buy-hydrocodone.html http://hydrocodone.net2.ro/buy-hydrocodone-club-join.html http://hydrocodone.net2.ro/buy-hydrocodone-cod.html http://hydrocodone.net2.ro/buyhydrocodoneline.html http://hydrocodone.net2.ro/buy-hydrocodone-overnight.html http://hydrocodone.net2.ro/buy_hydrocodone_prescription.html http://hydrocodone.net2.ro/buy_hydrocodone_where.html http://hydrocodone.net2.ro/buy-liquid-codeine-lortab-hydrocodone-cough-syrup.html http://hydrocodone.net2.ro/hydrocodone-buy-online-.html http://hydrocodone.net2.ro/hydrocodone_online_.html http://hydrocodone.net2.ro/online_hydrocodone_.html http://hydrocodone.net2.ro/bu_hydrocodone_online.html http://hydrocodone.net2.ro/buying_hydrocodone_online.html http://hydrocodone.net2.ro/cheap_hydrocodone_online.html http://hydrocodone.net2.ro/cheap_online_prescription_hydrocodone_overnight_delivery.html http://hydrocodone.net2.ro/cod_hydrocodone_online.html http://hydrocodone.net2.ro/hydrocodone_buying_narcotic_online.html http://hydrocodone.net2.ro/hydrocodone-free-online-prescription.html http://hydrocodone.net2.ro/hydrocodone_online_ordering.html http://hydrocodone.net2.ro/hydrocodone-online-pharmacy.html http://hydrocodone.net2.ro/hydrocodoneonlineprecriptions.html http://hydrocodone.net2.ro/hydrocodone-prescription-online.html http://hydrocodone.net2.ro/online-consultation-and-hydrocodone.html http://hydrocodone.net2.ro/onlinepharmacyandnoprescriptionandhydrocodone.html http://hydrocodone.net2.ro/online-pharmacy-drug-hydrocodone-10-500.html http://hydrocodone.net2.ro/onlinepharmacyhydrocodonevicodin.html http://hydrocodone.net2.ro/onlinepharmacysellhydrocodone.html http://hydrocodone.net2.ro/online-rx-hydrocodone.html http://hydrocodone.net2.ro/orderhydrocodoneonline.html http://hydrocodone.net2.ro/pain_medication_online_hydrocodone.html http://hydrocodone.net2.ro/purchase-hydrocodone-online.html
http://hydro1.zap3x.com/
http://www.hydro2.home.ro
http://www.hydro1.go.ro
http://vicodinphar.premium.ws/
http://premium.ws/vicodinphar/
http://www.vicodinphar.premium.ws/
http://www.premium.ws/vicodinphar/
http://phenterminepage.visit.ws/
http://visit.ws/phenterminepage/
http://www.phenterminepage.visit.ws/
http://www.visit.ws/phenterminepage/
http://hydrocodoneapap.rocks.it
http://hydrocodonebitartrate.does.it
http://hyd1.makes.it
http://hydphar.128bit.at
http://hydrocodoneorder.venture.at

TrackBack wrote re:Kelvir.B Worm - Developing Minor MSN Messenger Outbreak

on 04-13-2005 7:12

^_^,Pretty Good!

TrackBack wrote re:Kelvir.B Worm - Developing Minor MSN Messenger Outbreak

on 04-25-2005 4:22

^_~,pretty good!18showsseeoo

TrackBack wrote re:Kelvir.B Worm - Developing Minor MSN Messenger Outbreak

on 05-10-2005 4:33

^_~,pretty good!csharpsseeoo

trafton wrote pagerank main

on 08-17-2005 5:19

Thank you! http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com/improvepr/">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com/improvepr/ <a href='http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com'>improve pagerank default</a>. <a href="http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com ">PageRank 11</a>: do rank, google pagerank algorithm, testing of system. Also [url]http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com/linksale/[/url] and [link=http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com]google rank 20[/link] from http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com .

trafton wrote google pr main

on 08-17-2005 5:19

Thanks! http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com/contacts/">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com/contacts/ google pr. [URL=http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com]pagerank 5[/URL]: do rank, google pagerank algorithm, testing of system. Also [url=http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com]online pr16[/url] from http://www.dorank.com">http://www.dorank.com">http://www.dorank.com">http://www.dorank.com .

trafton wrote re: Kelvir.B Worm - Developing Minor MSN Messenger Outbreak

on 10-04-2005 11:07

ttp://medlem.jubii.dk/jeuxdecarte/achat-jeu-pc
http://medlem.jubii.dk/jeuxdecarte/console-de-jeu
http://medlem.jubii.dk/jeuxdecarte/console-de-jeu-video
http://medlem.jubii.dk/jeuxdecarte/eveil-et-jeu
http://medlem.jubii.dk/jeuxdecarte/gamme-jeu
http://medlem.jubii.dk/jeuxdecarte/jeu
http://medlem.jubii.dk/jeuxdecarte/jeu-action
http://medlem.jubii.dk/jeuxdecarte/jeu-adulte
http://medlem.jubii.dk/jeuxdecarte/jeu-arcade
http://medlem.jubii.dk/jeuxdecarte/jeu-a-telecharger-gratuitement
http://medlem.jubii.dk/jeuxdecarte/jeu-aventure
http://medlem.jubii.dk/jeuxdecarte/jeu-barbie
http://medlem.jubii.dk/jeuxdecarte/jeu-concours
http://medlem.jubii.dk/jeuxdecarte/jeu-d-argent
http://medlem.jubii.dk/jeuxdecarte/jeu-de-billard
http://medlem.jubii.dk/jeuxdecarte/jeu-de-sport
http://medlem.jubii.dk/jeuxdecarte/jeu-de-strategie
http://medlem.jubii.dk/jeuxdecarte/jeu-de-tarot
http://medlem.jubii.dk/jeuxdecarte/jeu-de-voiture

trafton wrote re: Kelvir.B Worm - Developing Minor MSN Messenger Outbreak

on 10-06-2005 7:44

http://www.gdisimo-potho.loost.com @ http://www.pic-diafiletikos-haristikos.loost.com @ http://www.video-pehnidia-video.loost.com @ http://www.poli-praxi.loost.com @ http://www.anetos-gamimeno.loost.com @ http://www.peponia-astios.loost.com @ http://www.videos-nearos-video.loost.com @ http://www.poli-galos.loost.com @ http://www.videos-na-hezo-syloges.loost.com @ http://www.indi-gios.loost.com @ http://www.pics-modela-tenia.loost.com @ http://www.picture-kano-banio-sylogi.loost.com @ http://www.password-palamari-eleftheros.loost.com @ http://www.pics-botes-eleftheros.loost.com @ http://www.mov-gamimeno-ikones.loost.com @ http://www.mov-gimnostithi-kinimatographos.loost.com @ http://www.free-sylipsi-sylogi.loost.com @ http://www.to-pio-zesto-isvoli.loost.com @ http://www.neoteros-omorfia.loost.com @ http://www.kokinomala-hamilos.loost.com @ http://www.poutana-pic.loost.com @ http://www.videos-dose-mou-kolo-klima.loost.com @ http://www.mounia-klima.loost.com @ http://www.profilaktiko-sto-domatio.loost.com @ http://www.adrikios-kineza.loost.com @ http://www.to-pio-zesto-skotadi.loost.com @ http://www.picture-nosokoma-haristikos.loost.com @ http://www.astios-me-stithos.loost.com @ http://www.aoratos-na-gamiso.loost.com @ http://www.mpg-geisa-klipakia.loost.com @ http://www.xxx-boukali-mpompina.loost.com @ http://www.porno-epihirisi.loost.com @ http://www.porno-bastardos-ikonidia.loost.com @ http://www.xxx-vromikos-poza.loost.com @ http://www.exeretikos-hantres.loost.com @ http://www.xirisma-perifronitikos.loost.com @ http://www.trihotos-entonos.loost.com @ http://www.picture-bikini-film.loost.com @ http://www.free-nailon-foto.loost.com @ http://www.gelastos-adrikios.loost.com @ http://www.proktiko-dropalos.loost.com @ http://www.sylogi-mystiriodis.loost.com @ http://www.free-terastios-haristikos.loost.com @ http://www.podia-ripsokindinos.loost.com @ http://www.xxx-pidima.loost.com @ http://www.prosinis-kaftos.loost.com @ http://www.dropalos-akreos.loost.com @ http://www.sex-alithinos-ouranos.loost.com @ http://www.elkistikos-tsouli.loost.com @ http://www.prostihi-fantastika.loost.com

Add a Comment

Name: (required)

Website: (optional)

Comments (required)

Remember Me?

Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems