
{"id":189,"date":"2007-05-26T15:24:24","date_gmt":"2007-05-26T18:24:24","guid":{"rendered":"http:\/\/talsoft.com.ar\/weblog\/?p=189"},"modified":"2007-05-26T15:24:24","modified_gmt":"2007-05-26T18:24:24","slug":"msn-con-bichos","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/","title":{"rendered":"MSN with bugs"},"content":{"rendered":"<p>Since last Friday, new worm variants have been spreading over MSN. What sets these specimens apart is that their messages are written in Spanish, and a large number of users are falling for the &#8220;mir\u00e1 mis fotos que me saqu\u00e9 el fin de semana&#8221; (&#8220;look at the photos I took over the weekend&#8221;) lure.<br \/>\nLet's see what this is about. A message arrives in our MSN from a friend (already infected) telling us to download their photos:<br \/>\n<a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJD2xXPVDI\/AAAAAAAAAHk\/kViOLgzAXPk\/s1600-h\/2.png\"><img decoding=\"async\" id=\"BLOGGER_PHOTO_ID_5067187138988037170\" style=\"display: block; margin: 0px auto 10px; cursor: pointer; text-align: center\" src=\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJD2xXPVDI\/AAAAAAAAAHk\/kViOLgzAXPk\/s320\/2.png\" border=\"0\" \/><\/a>As the image shows, the worm also works in the Windows Messenger that Windows installs by default, since it only uses the MSN sending protocol regardless of the messaging client in use (it also works with Gaim, Trillian, etc.).<br \/>\nThe location the worm is downloaded from, http:\/\/usuarios.lycos.es\/shark***\/*******.zip, has already been taken down, but other versions of the worm will surely appear with other addresses.<\/p>\n<p>After that, if we fall for the trap and download and run the file, we will be infected and 
will help this worm spread.<br \/>\n<a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlI__xXPVAI\/AAAAAAAAAHM\/UVZvr7Awb08\/s1600-h\/1.png\"><img decoding=\"async\" id=\"BLOGGER_PHOTO_ID_5067182895560348674\" style=\"display: block; margin: 0px auto 10px; cursor: pointer; text-align: center\" src=\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlI__xXPVAI\/AAAAAAAAAHM\/UVZvr7Awb08\/s320\/1.png\" border=\"0\" \/><\/a>As we can see, the worm, which was developed in Visual Basic 6.0, ensures it runs the next time Windows starts by saving itself as &#8220;C:\\WINDOWS\\System32\\sp2.exe&#8221;.<\/p>\n<p><span style=\"font-weight: bold\">Curiosity:<\/span> The worm's author appears to go by the name &#8220;FireAngel&#8221; and keeps their creations in<br \/>\nC:\\Documents and Settings\\FireAngel\\Mis documentos\\Folders\\c\u00f3digos vb6\\other infeccion worm\\Project1.vbp<br \/>\n<a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJHAxXPVEI\/AAAAAAAAAHs\/oSkkQiid8-U\/s1600-h\/5.png\"><img decoding=\"async\" id=\"BLOGGER_PHOTO_ID_5067190609321612354\" style=\"display: block; margin: 0px auto 10px; cursor: pointer; text-align: center\" src=\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJHAxXPVEI\/AAAAAAAAAHs\/oSkkQiid8-U\/s320\/5.png\" border=\"0\" \/><\/a>Once &#8220;sp2.exe&#8221; has run, it disables Task Manager to prevent the user from seeing the active processes:<br \/>\n<a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJA9xXPVBI\/AAAAAAAAAHU\/dMGQTo3RYY0\/s1600-h\/3.png\"><img decoding=\"async\" id=\"BLOGGER_PHOTO_ID_5067183960712238098\" style=\"display: block; margin: 0px auto 10px; cursor: pointer; text-align: center\" 
src=\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJA9xXPVBI\/AAAAAAAAAHU\/dMGQTo3RYY0\/s320\/3.png\" border=\"0\" \/><\/a>It does this by setting the registry key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskmgr to the value &#8220;1&#8221;<\/p>\n<p>The worm can be removed manually by deleting the Run key from the registry, changing the value of &#8220;DisableTaskmgr&#8221; to 0 and finally deleting the &#8220;sp2.exe&#8221; file mentioned above.<\/p>\n<p>Some antivirus products still do not detect it, which may be due to the number of variants currently in circulation.<br \/>\n<a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/bp3.blogger.com\/_sdv3yhG5CB4\/RlJDrBXPVCI\/AAAAAAAAAHc\/dXpIyJyuO4o\/s1600-h\/4.png\"><img decoding=\"async\" id=\"BLOGGER_PHOTO_ID_5067186937124574242\" style=\"display: block; margin: 0px auto 10px; cursor: pointer; text-align: center\" src=\"http:\/\/bp3.blogger.com\/_sdv3yhG5CB4\/RlJDrBXPVCI\/AAAAAAAAAHc\/dXpIyJyuO4o\/s320\/4.png\" border=\"0\" \/><\/a>So <span style=\"font-weight: bold\">do NOT run anything you don't know.<\/span><\/p>\n<p><span style=\"font-weight: bold\">Source: <a href=\"http:\/\/seguinfo.blogspot.com\/\">http:\/\/seguinfo.blogspot.com\/<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since last Friday, new worm variants have been spreading over MSN. What sets these specimens apart is that their messages are written in Spanish, and a large number of users are falling for the &#8220;mir\u00e1 mis fotos que me saqu\u00e9 el fin de semana&#8221; (&#8220;look at the photos I took over the weekend&#8221;) lure. Let's see what this is about. 
A message arrives [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-189","post","type-post","status-publish","format-standard","hentry","category-profesional"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TalSoft - Seguridad Inform\u00e1tica Empresarial - MSN con bichos<\/title>\n<meta name=\"description\" content=\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/\"},\"author\":{\"name\":\"Leandro Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"MSN con 
bichos\",\"datePublished\":\"2007-05-26T18:24:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/\"},\"wordCount\":343,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJD2xXPVDI\/AAAAAAAAAHk\/kViOLgzAXPk\/s320\/2.png\",\"articleSection\":[\"Profesional\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/\",\"name\":\"TalSoft - Seguridad Inform\u00e1tica Empresarial - MSN con bichos\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJD2xXPVDI\/AAAAAAAAAHk\/kViOLgzAXPk\/s320\/2.png\",\"datePublished\":\"2007-05-26T18:24:24+00:00\",\"description\":\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. 
Cons\u00faltenos sin cargo.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/#primaryimage\",\"url\":\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJD2xXPVDI\/AAAAAAAAAHk\/kViOLgzAXPk\/s320\/2.png\",\"contentUrl\":\"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJD2xXPVDI\/AAAAAAAAAHk\/kViOLgzAXPk\/s320\/2.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft 
TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TalSoft - Seguridad Inform\u00e1tica Empresarial - MSN con bichos","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. 
Cons\u00faltenos sin cargo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"MSN con bichos","datePublished":"2007-05-26T18:24:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/"},"wordCount":343,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/#primaryimage"},"thumbnailUrl":"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJD2xXPVDI\/AAAAAAAAAHk\/kViOLgzAXPk\/s320\/2.png","articleSection":["Profesional"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/","url":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/","name":"TalSoft - Seguridad Inform\u00e1tica Empresarial - MSN con bichos","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/#primaryimage"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/#primaryimage"},"thumbnailUrl":"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJD2xXPVDI\/AAAAAAAAAHk\/kViOLgzAXPk\/s320\/2.png","datePublished":"2007-05-26T18:24:24+00:00","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y 
confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/msn-con-bichos\/#primaryimage","url":"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJD2xXPVDI\/AAAAAAAAAHk\/kViOLgzAXPk\/s320\/2.png","contentUrl":"http:\/\/bp2.blogger.com\/_sdv3yhG5CB4\/RlJD2xXPVDI\/AAAAAAAAAHk\/kViOLgzAXPk\/s320\/2.png"},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft 
TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=189"}],"version-history":[{"count":0,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/189\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=189"}],"curies":[{"name":"wp","href":"https:\/\/api.
w.org\/{rel}","templated":true}]}}