[cut-n-paste from sophos.com]
Troj/Qzap-248
Type
Trojan
Detection
At the time of writing Sophos has received no reports from users affected by
this Trojan. However, we have issued this advisory following enquiries to our
support department from customers.
Description
Troj/Qzap-248 overwrites the boot sector of the hard disk so that during boot
up, the following message is displayed:
NOTICE:
Illegal Microsoft Windows license detected!
You are in violation of the Digital Millennium
Copyright Act!
Your unauthorized license has been revoked.
For more information, please call us at:
1-888-NOPIRACY
If you are outside the USA, please look up the
correct contact information
on our website, at:
www.bsa.org
Business Software Alliance
Promoting a safe & legal online world.
Troj/Qzap-248 overwrites all other sectors of the hard disk with random bytes,
wiping out all information on the hard disk. The Trojan also attempts to do
the same to the floppy drives.
Troj/Qzap-248 is dropped by W32/Opaserv-H and W32/Opaserv-I.
W32/Yaha-L
Aliases
I-Worm.Lentin.J
Type
Win32 worm
Detection
At the time of writing Sophos has received just one report of this worm from
the
wild.
Description
W32/Yaha-L creates three files in the system folder: WinServices.exe,
nav32_loader.exe and tcpsvc32.exe. All these are exact copies of the worm.
W32/Yaha-L adds the following values to your registry, setting them to run
WinServices.exe when Windows starts up or when the infected user logs on to
the network:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winservices
="%SYSFOLDER%\WinServices.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Winservices
="%SYSFOLDER%\WinServices.exe"
W32/Yaha-L also sets:
HKCR\exefile\shell\open\command\(Default)
=""%SYSFOLDER%\nav32_loader.exe" "%1" %*"
This causes W32/Yaha-L to be run whenever you launch a file with an EXE
extension.
Once executed, W32/Yaha-L stays resident in memory as a process which is
not visible in the task list. The worm takes active measures against anti-virus
software, including:
automatically resetting the registry modifications if they are changed
actively terminating a range of anti-virus, firewall and internet service
programs
actively terminating REGEDIT
Like other Yaha variants (e.g. W32/Yaha-A), the worm sends out emails
containing copies of itself. These emails have a range of subject lines,
attachment
names, sender addresses and body texts, using a mixture of topics relating to
hacking, love, hate and porn.
On the 25th of March and the 22nd of May this virus will display a message box
containing the text "Happy Birthday Dear". Also the operation of the
mouse buttons will be swapped.
On a Wednesday W32/Yaha-L will perform the following three actions:
set the hidden attribute on all files and folders in the Personal Shell
Folder,
usually My Documents
create a text file with a random six character name on the Desktop
containing one of five messages each of which begin
"W32.{at}YerH$.B"
change the default Internet Explorer start up page via the registry entry
HKLM\Software\Microsoft\Internet Explorer\Main to one of the
following web sites:
www.hrvg.tk
www.hackersclub.up.to
geocities.com/snak33ys
www.unixhideout.com
www.hirosh.tk
www.neworder.box.sk
www.blacksun.box.sk
www.coderz.net
www.hackers.com/html/neohaven.html
www.ankitfadia.com
The non-viral file Winloader32.dll will be created in the Windows system folder
and should be deleted. Also the registry entry
HKLM\Software\Microsoft\WinVer
will be created with a default value containing six random lowercase
characters.
Finally W32/Yaha-L will execute a denial of service attack against a Pakistani
government website, infopak.gov.pk.
W32/Hantaner-A
Aliases
Win32.HLLP.Hantaner W32.HLLP.Handy Win32.HLLP.Handy
Type
Win32 worm
Detection
At the time of writing Sophos has received just one report of this worm from
the
wild.
Description
W32/Hantaner-A prepends itself to files found in the download folders of
KaZaA and Internet Explorer. The location of the folders are obtained by
querying the following registry entries:
HKCU\Software\Kazaa\Transfer\DownloadDir
HKCU\Software\Microsoft\Internet Explorer\Download Directory
W32/Opaserv-I
Aliases
Trojan.Win32.KillWin.m, W95/Opaserv.worm.F, W32/Opaserv.worm.m,
W32.Opaserv.K.Worm, TROJ_WINKILL.A
Type
Win32 worm
Detection
At the time of writing Sophos has received just one report of this worm from
the
wild.
Description
W32/Opaserv-I is a network-aware worm. W32/Opaserv-I tries to locate
Windows network shares on computers which are accessible across the
internet. It then copies itself to those computers, placing itself in the
Windows
folder in a file called mqbkup.exe.
W32/Opaserv-I creates the registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mqbkup =
\mqbkup.exe
This automatically launches the worm every time you log on.
The worm also adds the line run=\mqbkup.exe to your WIN.INI file. This is intended to
launch the worm every time you start Windows.
W32/Opaserv-I drops Troj/Qzap-248.
For information on protecting yourself against this family of viruses, please
read
the Opaserv article on our Support News page.
W32/Opaserv-H
Type
Win32 worm
Detection
At the time of writing Sophos has received no reports from users affected by
this worm. However, we have issued this advisory following enquiries to our
support department from customers.
Description
W32/Opaserv-H is a network-aware worm. W32/Opaserv-H tries to locate
Windows network shares on computers which are accessible across the
internet. It then copies itself to those computers, placing itself in the
Windows
folder in a file called MSTASK.EXE, usually 18853 bytes in size. (Note that
Windows computers normally have a file by this name, but you will find it in
the
system folder, not in the Windows folder. )
W32/Opaserv-H creates the registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mstask
= "C:\%WINFOLDER%\MSTASK.EXE"
This automatically launches the worm every time you log on.
The worm also adds the line run=,c:\windows\mstask.exe to your
WIN.INI file. This is intended to launch the worm every time you start
Windows.
W32/Opaserv-H adds an additional section in WIN.INI with several new
entries as shown:
[msappfont]
value
font
style
These values are used by the worm to trigger its payload upon its second or
subsequent execution.
W32/Opaserv-H has a payload which might trigger if the date is 24/Dec 2002
or thereafter.
If the current month is the same as the month of initial infection, then the
payload
triggers from the 2nd and subsequent days from the day of initial infection.
For the rest of the calender months, the payload triggers on all days except
the
1st day of the month.
When the payload triggers, the worm drops and runs Troj/Qzap-248, which
overwrites the boot sector of the hard disk so that, during boot up, the
following
message is displayed:
NOTICE:
Illegal Microsoft Windows license detected!
You are in violation of the Digital Millennium
Copyright Act!
Your unauthorized license has been revoked.
For more information, please call us at:
1-888-NOPIRACY
If you are outside the USA, please look up the
correct contact information
on our website, at:
www.bsa.org
Business Software Alliance
Promoting a safe & legal online world.
All other sectors of the hard disk will be overwritten with random bytes,
wiping
out all information on the hard disk. The Trojan also attempts to do the same
to
the floppy drives.
W32/Opaserv-H then immediately restarts the computer by dropping and
running the file boot.exe
When the payload triggers the following files will be dropped, and files with
the
same filenames will be replaced:
C:\boot.ini
C:\msdos.sys
C:\autoexec.bat
C:\boot.exe
C:\mslicenf.com (detected as Troj/Qzap-248)
C:\bootsect.dos (detected as Troj/Qzap-249)
Depending on the version of the operating system, W32/Opaserv-H might
attempt to modify command.com, io.sys and regenv32.exe which renders the
computer unable to boot up and displays garbage instead.
For information on protecting yourself against this family of viruses, please
read
the Opaserv article on our Support News page.
VBS/Moon-A
Aliases
VBS_Moon, VBS.Moon{at}MM, Moon
Type
Visual Basic Script worm
Detection
At the time of writing Sophos has received just one report of this worm from
the wild.
Description
VBS/Moon-A arrives in an email with the following characteristics:
Subject line: Hi
Message body: watch this photo !!!!
The message body also contains content downloaded from the internet. This
content may be
pornographic.
VBS/Moon-A copies itself to the Windows folder and creates the registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\explorerx
This automatically launches the worm whenever you log on.
VBS/Moon-A tries to display web pages on your computer. Every minute, for three
minutes, one of
tweny-three different web pages is selected, downloaded and displayed. The worm
also sets your
browser's home page to the page it has just displayed.
Most of the pages that the worm accesses contain pornographic content.
VBS/Moon-A also tries to create a mIRC script called Script.ini in your mIRC
installation
folder. This script will attempt to forward the worm to other mIRC users.
Script.ini is
detected by Sophos Anti-Virus as mIRC/Simp-Fam.
W32/Yaha-K
Aliases
Yaha-M
Type
Win32 worm
Detection
Sophos has received several reports of this worm from the wild.
Description
W32/Yaha-K creates three files in your system folder: WinServices.exe,
nav32_loader.exe and tcpsvc32.exe. All these are exact copies of the worm.
W32/Yaha-K adds the following values to your registry, setting them to run the
WinServices.exe file whenever you boot up or log on to the network:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winservices
="%SYSFOLDER%\WinServices.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Winservices
="%SYSFOLDER%\WinServices.exe"
W32/Yaha-K also sets
HKCR\exefile\shell\open\command\(Default)
=""%SYSFOLDER%\nav32_loader.exe" "%1" %*"
This means that W32/Yaha-K is executed whenever you launch an EXE (program
file).
A further copy of the worm may also appear in the system folder with one of the
following filenames:
Be_Happy.scr
Best_Friend.scr
colour_of_life.scr
dance.scr
Friend_Finder.exe
Friend_Happy.scr
friendship.scr
friendship_funny.scr
funny.scr
GC_Messenger.exe
hotmail_hack.exe
I_Like_You.scr
life.scr
love.scr
shake.scr
Sweet.scr
True_Love.scr
world_of_friendship.scr
Once executed, W32/Yaha-K stays resident in memory as a process which is not
visible in the task list. The worm takes active measures against anti-virus
software,
including:
automatically resetting its "exefile" association if you edit
the registry
actively terminating a range of anti-virus, firewall and internet service
programs by matching process names against the following list:
_AVP32, _AVPCC, _avpm, ACKWIN32, ALERTSVC,
AMON.EXE, ANTIVIR, ATRACK, AVCONSOL, AVP.EXE,
AVPCC.EXE, AVPM.EXE, AVSYNMGR, CFINET,
CFINET32, ESAFE.EXE, F-AGNT95, F-PROT95,
FP-WIN, FRW.EXE, F-STOPW, IAMAPP, IAMSERV.EXE,
IOMON98, LOCKDOWN2000, LOCKDOWNADVANCED,
LUCOMSERVER, MCAFEE, N32SCANW, NAVAPSVC,
NAVAPW32, NAVLU32, NAVRUNR, NAVW32, NAVWNT,
NISSERV, NORTON, NPSSVC, NRESQ32, NSCHED32,
NSCHEDNT, NSPLUGIN, PCCIOMON, PCCMAIN,
PCCWIN98, PCFWALLICON, POP3TRAP, PVIEW,
PVIEW95, REGEDIT, RESCUE32, RMVTRJANSAFEWEB,
SCAN32, SWEEP95, SYMPROXYSVC, TDS2-98,
TDS2-NT, Vet95, VETTRAY, VSECOMR, VSHWIN32,
VSSTAT, WEBSCANX, WEBTRAP, ZONEALARM
W32/Yaha-K arrives in an email that can have one of many different subject
lines,
message texts and attachment names. Additionally the address that the email
appears to originate from may be fake.
The subject line of the email is randomly chosen from the following list:
Are you a Soccer Fan ?
Are you beautiful
Are you in Love
Are you looking for Love
Are you the BEST
Check it out
Check this shit
Check ur friends Circle
Demo KOF 2002
Feel the fragrance of Love
Find a good friend
Freak Out
Free Demo Game
Free rAVs Screensavers
Free Screenavers of Love
Free Screensavers
Free Screensavers 4 U
Free Win32 API source
Free XXX
Hardcore Screensavers 4 U
Hello
hey check it yaar
Hi
How sweet this Screen saver
I am in Love
I Love You
I Love You..
Jenna 4 U
Learn How To Love
Learn SQL 4 Free
Let',27h,'s Dance and forget pains
Looking for Friendship
love speaks from the heart
Lovers Corner
make ur friend happy
Need a friend?
Need money ??
One Hacker',27h,'s Love
One Virus Writer',27h,'s Story
Patch for Elkern.gen
Patch for Klez.H
Play KOF 2002 4 Free
Project
Sample KOF 2002
Sample Playboy
Sample Screensavers
Say ',27h,'I Like You',27h,' To ur friend
Screensavers from Club Jenna
Sexy Screensavers 4 U
Shake it baby
The Hotmail Hack
The King of KOF
The world of Friendship
Things to note
to ur friends
to ur lovers
True Love
U realy Want this
Visit us
Wanna be a HE-MAN
Wanna be friends ?
Wanna be friends ??
Wanna be like a stone ?
Wanna be my sweetheart ??
Wanna Brawl ??
Wanna Hack ??
Wanna Rumble ??
war Againest Loneliness
We want peace
Whats up
Who is ur Best Friend
Who is your Valentine
World Tour
Wowwwwwwwwwww check it
WWE Screensavers
XXX Screensavers 4 U
You are so sweet
The message text is randomly chosen from the following texts:
"hey,
did u always dreamnt of hacking ur friends hotmail account..
finally i got a hotmail hack from the internet that really works..
ur my best friend thats why sending to u..
check it..just run it..enter victim's address and u will get the pass."
"hi,
check the attached love screensaver
and feel the fragrance of true love.."
"Hi,
check the attached screensaver..
its really wonderfool..
i got it from freescreensavers.com"
"Hi,
check ur friends circle using the attached friendship screensaver..
check the attached screensaver
and if u like it send it to all those you consider
to be true friends... if it comes back to you then
you will know that you have a circle of friends.."
"Hi,
check the attached screensaver
and enjoy the world of friendship.."
"Hi,
are u in a rocking mood...
check the attached scrennsaver and start shaking.."
"Hi,
Check the attached screensaver.."
"Hi,
Are you lonely ??..
check the attached screensaver and
forget the pain of loneliness"
"Hi,
Looking for online pals..
check the attached friend finder software.."
"Hi,
sending you a screensaver..
check it and let me know how it is..."
"Hi,
Check the attached screensaver
and feel the fragrance of true love..."
"Hey,
I just got this wonderfull screensaver from freescreensaver.com..
Just check it out and let me know how it is.."
"Hi,
I just came across it.. check out..
=====================================================
Are you one of those unfortunate human beings who are desperately
looking for friends.. but still not getting true friends with whom
you can share your everything..
anyway you wont feel down any more cause GC Chat Network has brought
up a global chat and online match making system using its own GC
Messenger. Attached is the fully functional free version of GC
Instant Messenger and Match Making client..
Just install, register an account with us and find thousands of online
pals all over the world..
You can also search for friends by specific country,city,region etc.
Regards Admin,
GC Global Chat Network System.."
"Hi,
So you think you are in love..
is it true love ? you may think right now that you are in
true love but it is certainly possible that it is nothing
but a mere infatuation to you..
anyway to know yourself better than you have ever known check
the attached screensaver and feel the fragrance of true love.."
"Hey pal,
you know friendship is like a business...
to get something you need to give something..
though its not that harsh as business but to
get love and care from your friends you need to give
love,care and respect to your friends.. right
check the attached screensaver and you will learn how to
make your friends happy.."
"Hi,
Its quite obvious that in our life we have numerous friends
but.. BUT Best Friend can only be ONE.. right
so can you decide who is your best friend
i guess not.. cause mostly you will find that your best friend
wont care about u like somebody else..
anyway i found one way to find who is my best friend..
check it..
just check the attached screensaver.. answer some questions
in it and also ask your best friend to answer the questions..
..then you will know more about him.."
"Hey pal,
wanna have some fun in life...
feel like life is too boring and monotonous..
check the attached screensaver and bring colours
to your black & white life.. :)"
"Hi,
I just came across this funny screensaver..
sending it to u.. hope u like it..
check out and die laughing..:)"
">>>>>>>>>>>>>>>>>>>>
This E-Mail is never sent unsolicited. If you receive this
E-Mail then it is because you have subscribed to the official
newsletter at the KOF ONLINE website.
King Of Fighters is one of the greatest action game ever made.
Now after the mind boggling sucess of KOF 2001 SNK proudly
presents to you KOF 2002 with 4 new charecters.
Even though we need no publicity for our product but this
time we have decided to give away a fully functional trial
version of KOF 2002. So check out the attached trialversion
of KOF 2002 and register at our official website to get a free
copy of KOF2002 original version
Best Regards,
Admin,KOF ONLINE..
>>>>>>>>>>>>>>>>>>>>"
"Hello,
I just came across your email ID while searching in the Yahoo profiles.
Actually I want a true friend 4 life with whom I can share my everything.
So if you are interested in being my friend 4 life then mail me.
If youwanna know about me, attached is my profile along with some of my
pics. You can check and if you like it then do mail me.
I will be waiting for your mail.
Best Wishes,
Your Friend.."
"Hello,
Looking for some Hardcore mind boggling action ?
Install the attached browser software and browse
across millions of paid hardcore sex sites for free.
Using the software you can safely and easily browse
across most of the hardcore XXX paid sites across the
internet for free. Using it you can also clean all
traces of your web browsing from your computer.
Note:The attached browser software is made exclusivley
for demo only. You can use the software for a limited
time of 35 days after which you have to register it
at our official website for its furthur use.
Regards,
Admin."
"Klez.H is the most common world-wide spreading worm.It's very dangerous by
corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV
software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC"
"Hello,
The attached product is send as a part of our official campaign
for the popularity of our product.
You have been chosen to try a free fully functional sample of our
product.If you are satified then you can send it to your friends.
All you have to do is to install the software and register an account
with us using the links provided in the software. Then send this software
to your friends using your account ID and for each person who registers
with us through your account, we will pay you $1.5.Once your account reaches
the limit of $50, your payment will be send to your registration address by
check or draft.
Please note that the registration process is completely freewhich means
by participating in this program you will only gain without loosing anything.
Best Regards,
Admin,"
The attachment containing the worm can have any of the following filenames:
Be_Happy.scr
Beautifull.scr
Best_Friend.scr
Body_Building.scr
Britney_Sample.scr
Codeproject.scr
colour_of_life.scr
Cupid.scr
dance.scr
FixElkern.com
FixKlez.com
FreakOut.exe
Free_Love_Screensavers.scr
Friend_Finder.exe
Friend_Happy.scr
friendship.scr
friendship_funny.scr
funny.scr
GC_Messenger.exe
Hacker.scr
Hacker_The_LoveStory.scr
Hardcore4Free.scr
hotmail_hack.exe
I_Like_You.scr
I_Love_You.scr
Jenna_Jemson.scr
King_of_Figthers.exe
KOF.exe
KOF_Demo.exe
KOF_Fighting.exe
KOF_Sample.exe
KOF_The_Game.exe
KOF2002.exe
life.scr
Love.scr
love.scr
My_Sexy_Pic.scr
MyPic.scr
MyProfile.scr
Notes.exe
Peace.scr
Playboy.scr
Plus2.scr
Plus6.scr
Project.exe
Ravs.scr
Real.scr
Romantic.scr
Romeo_Juliet.scr
Screensavers.scr
Services.scr
Sex.scrSoccer.scr
Sexy_Jenna.scr
shake.scr
Stone.scr
Sweet.scr
Sweetheart.scr
The_Best.scr
THEROCK.scr
True_Love.scr
up_life.scr
Valentines_Day.scr
VXer_The_LoveStory.scr
Ways_To_Earn_Money.exe
world_of_friendship.scr
World_Tour.scr
xxx4Free.scr
zDenka.scr
zXXX_BROWSER.exe
The email may contain a FROM field constructed from the following two lists.
The
name is taken from the first list and the email address is taken from the
corresponding position in the second list:
"Names"
admin{at}hackers.com
admin{at}hackersclub.com
admin{at}viruswriters.com
American Beauty
Benting
britneyspears.org
Cathy Kindergarten
Clark Steel
Club Jenna
Codeproject
Cupid
Hardcore Screensavers
Iori Yagami
Jasmine Stevens
Jaucques Antonio Barkinstein
Jenna Jameson
Jericho
John Vandervochich
Jonathan
Keanu Stevenson
Klein Anderson
KOF Online
Kyo Kusanagi
Love Inc.
Lovers Screensavers
McAfee Inc.
me2K
Nicolas Schwarzeneggar
Nomadic Screensavers
Noopman
Norton Antivirus
Omega Rugal
Paul Owen
Playboy Inc.
Plus 2
Plus 6
Ralph Jones
Raveena Pusanova
Real Inc.
Rocking Stone
Romantic Screensavers
Romeo & Juliet
Ross Anderson
Screensavers of Love
Sexy Screensavers
SQL Library
Super Soccer
Susan
Terry Bogard
The Rock
Trend Micro
Valentine Screensavers
Veronica Anderson
XXX Screensavers
Zdenka Podkapova
zporNstarS
"Email Addresses"
admin{at}clubjenna.com
admin{at}codeproject.com
admin{at}kofonline.com
admin{at}zpornstars.com
av_patch{at}mcafee.com
av_patch{at}norton.com
av_patch{at}trendmicro.com
btq{at}263.com
caijob{at}online.sh.cn
cathy{at}21cn.com
cupid{at}freescreensavers.com
DNA_seraph{at}163.com
ericpan{at}online.com.pk
free{at}hardcorescreensavers.com
free{at}sexyscreensavers.com
free{at}sql.library.com
free{at}xxxscreensavers.com
hamada{at}seikosangyo.com
jenna{at}jennajameson.com
kkn{at}k2k.comscreensavers{at}nomadic.com
kl{at}aminoprojects.com
love{at}lovescreensavers.com
loverscreensavers{at}love.com
lubing{at}7135.com
luoairong{at}21cn.com
marketing{at}suppersoccer.com
me{at}me2K.com
newsletters{at}britneyspears.org
nics{at}nomadic.com
paul{at}kqscore.com
plus{at}real.com
ravs{at}go2pussy.com
romanticscreensavers{at}love.com
sales{at}playboy.com
sales{at}real.com
samsun{at}online.sh.cn
screensavers{at}lovers.com
services{at}tcsonline.com
stone{at}esterplaza.com
super{at}21cn.com
therock{at}wwe.com
valentinescreensavers{at}t2k.com
yjworks{at}online.sh.cn
zdenka{at}zpornstars.com
zhouyuye{at}citiz.net
It is not necessary for a user to double-click on the attachment to become
infected
as this worm can exploit a security vulnerability in Microsoft Internet
Explorer,
Outlook and Outlook Express. To prevent reinfection, users of Microsoft Outlook
and Outlook Express should install the following patch available from
Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS01-027.asp
(This patch fixes a number of vulnerabilities in Microsoft's software,
including the
one exploited by this worm.)
On the 25th of March and the 22nd of May this virus will display a message box
containing the text "Happy Birthday Dear". Also the operation of the
mouse buttons will be swapped.
On a Thursday W32/Yaha-K will perform the following three actions:
set the hidden attribute on all files and folders in the Personal Shell
Folder,
usually My Documents
create a text file named aYerHS.txt on the Desktop containing one of the
following five messages:
"==================================================
W32.{at}YerH$.B,Made in India,
wE aRe thE greAt iNdIaNs..
----------------------------
aBouT mE :
jUst a c0mputEr gEEk..
i tHinK i aM sTill a sCripT kiddiE..
eDucAtiOn : sCh00l sTudEnt..
aBouT {at}YerH$.B:
n0 dEstrucTivE paYload$ f0r inFecTeD c0mpUteRs.
teRminAtioN oF aV + FireWaLL f0r sUrvIvaL.
tImE dEfiNed tRigErRinG.. jUst f0r fUn.. n0 paYloaD.
c0ntAinS bUg iN rEpliCation c0de.. no tIme t0 fiX.
g0nNa fiX iT iN nExt rElEase..
n0 m0rE $hiT
==================================================="
"==================================================
W32.{at}YerH$.B,Made in India,
wE aRe thE greAt iNdIaNs..
----------------------------
spEciAl 10x to c0bra..
f0r inSpirAtIon + c0dIng hElp..
=================================================="
"=================================================
W32.{at}YerH$.B,Made in India
wE aRe thE greAt iNdIaNs..
----------------------------
wAnT peAce aNd pr0speRity in InDiA ?..
f**k tHe c0rruptEd p0litiCian$..no shit$ nEEdeD..
mErA bhAraT mAhaN ??.. n0t yeT..wE nEEd t0 mAkE iT..
talenT & hArd w0rK shOulD be rEspEctEd..
sElf stYleD a**H***$ mUsT bE eLimInatEd....
n0 m0re $hiT m0n0p0lY..
================================================="
"=================================================
W32.{at}YerH$.B,Made in India.
wE aRe thE greAt iNdiAnS.
----------------------------
iNdiAn hAckeRs + vXerS teAm up...
aNd kicK lamEr a**
no m0re pAk shIT..
itZ oUr tiMe to shOw tHem, the p0wer of teaM w0rk.
f**k AIC,GFORCE,SILVERLORDS,WFD..f*****g k1dd1es..
no sHit bUsineSS iN heRe aNd
nO lamE stuFF..
================================================="
"==================================================
r0xx pReSaNt$ W32.{at}YerH$.B (all r1ght$ re$erv3d.. ;) )
w3 aRe tHe gRe{at}t 1nD1aN$..
------------------------------------------------------
m{at}iN mIssIoN iS t0 sPreAd tHe nAmE {at}YerH$
s00 mUch t0 c0me..
iNclUdEd DDoS c0mp0neNtS c{at}usE oF sHiT p{at}kI l{at}meRs
eXp3ct th3 uNeXp3ctEd
dEdic{at}t3d t0 : mY b3$t fRi3nD
=================================================="
change the default Internet Explorer start up page via the registry entry
HKLM\Software\Microsoft\Internet Explorer\Main to one of the following
web sites: www.hrvg.tk, www.hackersclub.up.to,
geocities.com/snak33ys, www.unixhideout.com,
www.hirosh.tk, www.neworder.box.sk,
www.blacksun.box.sk, www.coderz.net,
www.hackers.com/html/neohaven.html,
www.ankitfadia.com.
Finally W32/Yaha-K will execute a denial of service attack against a Pakistani
government website, infopak.gov.pk.
--- MultiMail/MS-DOS v0.27
* Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140)
SEEN-BY: 633/267 270
@PATH: 123/140 500 106/1 379/1 633/267
|