{"id":4090,"date":"2014-12-28T08:41:18","date_gmt":"2014-12-28T07:41:18","guid":{"rendered":"http:\/\/www.watervogelbond.be\/ned\/?page_id=4090"},"modified":"2014-12-28T08:42:40","modified_gmt":"2014-12-28T07:42:40","slug":"wabot-virus","status":"publish","type":"page","link":"https:\/\/watervogelbond.be\/ned\/wabot-virus\/","title":{"rendered":"Wabot virus"},"content":{"rendered":"<table style=\"width: 750px;\" border=\"1\" width=\"684\" cellspacing=\"1\" cellpadding=\"1\">\n<tbody>\n<tr>\n<td style=\"width: 531px;\"><span style=\"color: #ff0000;\"><strong><span style=\"font-size: 14px;\">Latest virus<\/span><\/strong><\/span><\/td>\n<td style=\"width: 205px;\">\u00a0March 2014<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<table border=\"0\" width=\"100%\" cellspacing=\"1\" cellpadding=\"1\">\n<tbody>\n<tr valign=\"top\">\n<td class=\"mH\" bgcolor=\"#223e80\"><span style=\"color: #ffffff;\"><b>Name (type):<\/b><\/span><\/td>\n<\/tr>\n<tr>\n<td>W32.Wabot (Other)<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td class=\"mH\" bgcolor=\"#223e80\"><span style=\"color: #ffffff;\"><b>Operating system:<\/b><\/span><\/td>\n<\/tr>\n<tr>\n<td>Microsoft Windows<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td class=\"mH\" bgcolor=\"#223e80\"><span style=\"color: #ffffff;\"><b>Date:<\/b><\/span><\/td>\n<\/tr>\n<tr>\n<td>20 March 2014<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td class=\"mH\" bgcolor=\"#223e80\"><span style=\"color: #ffffff;\"><b>Risk:<\/b><\/span><\/td>\n<\/tr>\n<tr>\n<td>Low<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td class=\"mH\" bgcolor=\"#223e80\"><span style=\"color: #ffffff;\"><b>Source:<\/b><\/span><\/td>\n<\/tr>\n<tr>\n<td>(c) 2014, VirusAlert<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td class=\"mH\" bgcolor=\"#223e80\"><span style=\"color: #ffffff;\"><b>Aliases:<\/b><\/span><\/td>\n<\/tr>\n<tr>\n<td>wabot<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td class=\"mH\" bgcolor=\"#223e80\"><span style=\"color: #ffffff;\"><b>Characteristics:<\/b><\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"color: 
#000000;\">Wabot is an internet worm that spreads via the IRC chat program.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">It tries to make contact with other IRC users by searching for chats with:<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">- #hellothere<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">- the term &#8216;mp3&#8217; in the title<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">- the term &#8216;xdcc&#8217; in the title<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">As soon as the worm has entered a system, it tries to establish itself on that system. It installs the following files in the default Windows system32 directory:<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">* sIRC4.exe<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">* marijuana.txt<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">The modification date of the files is the same as the date of infection.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">It then creates the following registry key:<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\&#8221;Shell&#8221; = &#8220;Explorer.exe sIRC4.exe&#8221;<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">The worm searches for files with the following extensions:<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">.exe<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">.scr<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">.com<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: 
#000000;\">.pif<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">.cmd<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">.bat<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">It places a copy of these files, with its own worm code added, in one of these two directories:<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">* [default Windows System directory]\\DC++ Share<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">* [default Windows System directory]\\xdccPrograms<\/span><\/p>\n<table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"1\">\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"480\"><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td class=\"mH\" colspan=\"2\" bgcolor=\"#223e80\"><span style=\"font-size: 14px;\"><span style=\"color: #ff0000;\"><b>Removal instructions:<\/b><\/span><\/span><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td style=\"text-align: justify;\" colspan=\"2\" width=\"480\"><span style=\"color: #000000;\">Remove the virus with your own antivirus software. 
If this does not succeed, or if you also want an additional analysis, use one of the free online virus scanners to diagnose your system. Free online scanners at a glance:<\/span><span style=\"text-decoration: underline;\"><a href=\"https:\/\/security.symantec.com\/nbrt\/npe.aspx?lcid=1033\" target=\"_blank\">Norton (Symantec Power Eraser)<\/a><\/span><\/p>\n<p><span style=\"text-decoration: underline;\"><a href=\"http:\/\/housecall.trendmicro.com\/nl\/\" target=\"_blank\">Trendmicro HouseCall online scanner<\/a><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Latest virus \u00a0March 2014 Name (type): W32.Wabot (Other) Operating system: Microsoft Windows Date: 20 March 2014&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/watervogelbond.be\/ned\/wp-json\/wp\/v2\/pages\/4090"}],"collection":[{"href":"https:\/\/watervogelbond.be\/ned\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/watervogelbond.be\/ned\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/watervogelbond.be\/ned\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/watervogelbond.be\/ned\/wp-json\/wp\/v2\/comments?post=4090"}],"version-history":[{"count":2,"href":"https:\/\/watervogelbond.be\/ned\/wp-json\/wp\/v2\/pages\/4090\/revisions"}],"predecessor-version":[{"id":4093,"href":"https:\/\/watervogelbond.be\/ned\/wp-json\/wp\/v2\/pages\/4090\/revisions\/4093"}],"wp:attachment":[{"href":"https:\/\/watervogelbond.be\/ned\/wp-json\/wp\/v2\/media?parent=4090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}