AOLF ANVAISA CERCA FIDUCIARIA LUSSEMBURGHESE

[bartolelli 2865]

-Aumm Aumm International holding;

-Chi se fa li cazzi sua campa 100 anni International Holding;

-Smentisco International Holding;

-Triennal International Holding;

-Rassicuration International Holding.

-altro

[Visioner 0]

- Basso Profilo nel Palazzo Holding;

- Cittadella Immobiliare Holding

[il_gabibbo 71]

NOTAR S.A.

[bartolelli 2865]

NOTAR S.A.

Intesa come NO al TAR?

[Giamma 9]

FINTAS HOLDIG GROUP...

[lucetta 0]

EnerTAR Franchising International S.A.

 

 

[BRAVEHEART 298]

Triennal International Olding

[alien 877]

Esistonosoloipattidagentiluomini HOLDING

[Lazzaro 0]

Gentleman Agreement Company

[ilpizzopazzo 1]

STRETTADIMANO HOLDING INTERNATIONAL

[Giamma 9]

SerieAcredemoce Holding Group

[Teleumbriaviva 9]

eeehm SpA

capozza holding

[il_gabibbo 71]

I-Worm.Fintas

 

 

 

Last Modified: November 30, 2001

 

This is a virus-worm that spreads via the Internet attached to infected files. The worm itself is a Windows PE EXE file about 36Kb in length, and is written in Visual Basic Script.

 

The worm activates from an infected e-mail only when a user clicks on the attached file. The worm then installs itself to the system, and runs a spreading routine and payload.

 

Installing

 

While installing, the worm copies itself:

 

to the Windows directory, Windows system directory and C: drive root - with the `.EXE name to the Windows TEMP directory - with a name that depends on the worm version:

 

FF8.EXE

FunnyFlash.EXE

 

The C:\`.EXE file is then registered in the system registry auto-run key:

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices 723 = c:\`.exe

and in the Windows SYSTEM.INI file, [boot] section, in the "shell" auto-run command.

 

Spreading

 

To send infected messages, the worm uses MS Outlook and sends messages to all addresses found in the Outlook address book.

 

Subject, Body and Attachment name are different in the known worm versions:

 

Subject/Body/Attach:

 

Microsoft Shockwave Flash Movie

Check "Family.exe" then you could see Microsoft family's Shockwave Flash Movie

FamilyMovie.exe

 

 

CoolGame From %UserName%

the cool game about Final Fantasy VIII

FF8.EXE

 

 

FunnyFlashMovie From %UserName%

the flash movie,check it !

FunnyFlash.EXE

 

where %UserName% is the Name of the affected machine.

 

Fintas.a

 

The first-known worm version, after e-mail spreading, deletes the files in the following Windows directory: REGEDIT.EXE, SYSTEM.INI, WIN.INI, COMMAND\EBD\io.sys, then the files: C:\IO.SYS, C:\NETWORK.LOG. It then copies the worm's copy to the J: network drive (if it exists).

 

The worm then creates and spawns two VBS files: "c:\passwd.vbs" and "c:\leo.vbs", and then displays the following message:

 

 

 

The LEO.VBS file looks for the following files: .html .htm .asp .php .dll .com .txt .doc .xls .exe and overwrites them with the text:

 

Hi! I am LEO

The PASSWD.VBS file looks for .PWL files (passwords) and sends them to the "leotam888@china.com" e-mail with a "mypasswd" subject.

 

Payload - other versions

 

On the 23rd of any month, the worm runs its payload routine (which takes effect under Win9x systems only). It writes, to a C:\MSDOS.SYS file, an instruction that disables the Windows boot-up process pausing and tracing, and then overwrites a C:\AUTOEXEC.BAT file with instructions that will format all drives from C: to Z: upon next machine reboot.

 

Then the worm displays the message:

[bartolelli 2865]

Fumamoce su, va'

[bartolelli 2865]

....

[il_gabibbo 71]

LAS TÁCTICAS DEL KARATE (Deportivo)

 

...

 

Otra forma de utilizar estas "acciones falsas" (fintas) es invitarle a atacar una cierta parte de nuestro cuerpo, lo que estamos esperando ya, permaneciendo alerta para el contraataque. Por ejemplo, podemos fintar una patada circular (Mawashi-Geri). El oponente puede "pensar" que nos encontramos fuera de equilibrio porque la hemos efectuado durante un retroceso. Cuando él nos ataca, es el momento ideal para defender y contraatacar nosotros.

 

...

[il_gabibbo 71]

Fintas è anche una città del Kuwait...

 

Fintas