Win95/Babylonia.11036

W95/Babylonia is a new kind of virus: it combines the characteristics of a virus and a worm, and it is extensible through the Internet, because further components can be downloaded and plugged into it. Babylonia works under Windows 95 and Windows 98 only. It is a parasitic, compressed, non-polymorphic virus. It overwrites the fixup (relocation) section of the host file, which is almost never needed for an EXE loaded at its preferred base address, and inserts itself there. It also uses Entry Point Obscuring (EPO) techniques, the same ones used by CTX. Because of a bug in the virus code, some replicants (depending on the host file) are corrupted and hang on execution; the virus does not gain control in that case.
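The fixup-section trick described above leaves traces in the host's PE headers. The following Python script is an added illustration, not code from the original description or from any antivirus product: it parses a PE32 image, finds the section that maps the base relocation directory, and flags two things a clean host never shows, namely that section being marked executable, and relocation data that does not parse as IMAGE_BASE_RELOCATION blocks. build_pe() fabricates a minimal clean image and a variant whose fixup section has been replaced by x86-looking bytes; no real virus body is involved, and the heuristic thresholds (valid relocation types, page alignment) are this example's own assumptions rather than a vendor signature.

```python
"""Heuristic check for a PE32 host whose base-relocation ('fixup') section
has been overwritten with code. Added example; build_pe() fabricates the images."""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
X86_RELOC_TYPES = {0, 3}  # ABSOLUTE (padding) and HIGHLOW; others are legal but rare on x86


def _u16(b, o): return struct.unpack_from("<H", b, o)[0]
def _u32(b, o): return struct.unpack_from("<I", b, o)[0]


def build_pe(reloc_data: bytes, reloc_chars: int) -> bytes:
    """Assemble a minimal PE32 file: DOS header, COFF/optional headers, a .text
    section of 'ret' stubs (the entry point) and a .reloc section with reloc_data."""
    falign = text_off = 0x200
    pad = lambda b: b + b"\0" * (-len(b) % falign)
    text, reloc = pad(b"\xC3" * 16), pad(reloc_data)
    text_rva, reloc_rva, size_of_image = 0x1000, 0x2000, 0x3000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, len(text), len(reloc), 0,
                      text_rva, text_rva, reloc_rva)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, falign,
                       4, 0, 0, 0, 4, 0, 0, size_of_image, text_off, 0, 2, 0,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_BASERELOC] = (reloc_rva, len(reloc_data))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sec = lambda n, vsz, rva, raw, off, ch: struct.pack(
        "<8sIIIIIIHHI", n, vsz, rva, raw, off, 0, 0, 0, 0, ch)
    secs = sec(b".text", 16, text_rva, len(text), text_off, 0x60000020)
    secs += sec(b".reloc", len(reloc_data), reloc_rva, len(reloc),
                text_off + len(text), reloc_chars)
    headers = pad(dos + coff + opt + secs)
    assert len(headers) == text_off
    return headers + text + reloc


def check_fixup_section(pe: bytes) -> list:
    """Return findings; an empty list means the fixup data looks like a normal
    relocation table living in a non-executable section."""
    findings = []
    e_lfanew = _u32(pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["not a PE image"]
    nsec, opt_size = _u16(pe, e_lfanew + 6), _u16(pe, e_lfanew + 20)
    opt = e_lfanew + 24
    if _u16(pe, opt) != 0x10B:
        return ["not a PE32 image (only 32-bit hosts handled here)"]
    entry, size_of_image = _u32(pe, opt + 16), _u32(pe, opt + 56)
    reloc_rva, reloc_size = struct.unpack_from(
        "<II", pe, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)
    if reloc_rva == 0:
        return findings                     # image has no relocations to check
    for i in range(nsec):                   # find the section mapping the directory
        s = opt + opt_size + 40 * i
        name, vsz, va, raw, rawoff = struct.unpack_from("<8sIIII", pe, s)
        chars, span = _u32(pe, s + 36), max(vsz, raw)
        if va <= reloc_rva < va + span:
            break
    else:
        return ["relocation directory points outside every section"]
    sname = name.rstrip(b"\0").decode("ascii", "replace")
    if chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
        findings.append(f"fixup section {sname} is marked executable/code")
    if va <= entry < va + span:
        findings.append(f"entry point 0x{entry:x} lies inside fixup section {sname}")
    pos = rawoff + (reloc_rva - va)
    end = pos + reloc_size
    while pos + 8 <= end:                   # walk IMAGE_BASE_RELOCATION blocks
        page, blk = struct.unpack_from("<II", pe, pos)
        if blk < 8 or blk % 4 or pos + blk > end:
            findings.append(f"malformed relocation block at 0x{pos:x} (SizeOfBlock={blk})")
            break
        if page >= size_of_image or page & 0xFFF:
            findings.append(f"relocation page RVA 0x{page:x} unaligned or outside image")
        for e in range(pos + 8, pos + blk, 2):
            t = _u16(pe, e) >> 12
            if t not in X86_RELOC_TYPES:
                findings.append(f"unexpected relocation type {t} at 0x{e:x}")
                break
        pos += blk
    return findings


def clean_sample() -> bytes:
    """One block for page 0x1000: a HIGHLOW fixup at +4 plus ABSOLUTE padding."""
    return build_pe(struct.pack("<IIHH", 0x1000, 12, 0x3004, 0x0000), 0x42000040)


def overwritten_sample() -> bytes:
    """Same host, but the fixup section now holds x86-looking bytes (push ebp /
    mov ebp,esp / pushad / call $+5 / pop ebp / sub ebp,...) and is executable."""
    code = b"\x55\x8b\xec\x60\xe8\x00\x00\x00\x00\x5d\x81\xed\x00\x10\x40\x00"
    return build_pe(code, 0x60000020)
```

Calling check_fixup_section(clean_sample()) returns an empty list, while check_fixup_section(overwritten_sample()) reports the executable fixup section and the malformed relocation block. Because Babylonia uses EPO, the entry-point check is not expected to fire on a real host; it is kept because it is cheap and catches cruder infectors.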
When Babylonia executes it checks whether an Internet connection is active. If one is, it looks for new plug-ins: every 60 seconds it tries to connect to a hacker's web site in Japan and download a file called virus.txt. That file lists further files that are extensions, or plug-ins, of the Babylonia virus, and the virus tries to download and execute every plug-in named in it. At the time of writing virus.txt lists four plug-ins: greetz.dat, ircworm.dat, dropper.dat and poll.dat. In effect, Babylonia polls for new plug-ins to attach to itself every 60 seconds.

Greetz.dat
On January 15 of every year, before 5:00am and after 8:00pm, this plug-in appends the following lines to C:\AutoExec.bat:

echo W95/Babylonia by Vecna (c) 1999
echo Greetz to RoadKil and VirusBuster
echo Big thankz to sok4ever webmaster
echo Abracos pra galera brazuca!!!
echo ---
echo Eu boto fogo na Babilonia!

(The fourth and sixth lines are Portuguese: "Hugs to the Brazilian crowd!!!" and "I set fire to Babylon!")

Dropper.dat
The Dropper.dat plug-in creates a hidden file called Instalar.exe (size: 17,020 bytes) in C:\ and executes it; the file is deleted after execution. Instalar.exe drops babylonia.exe into the root of the C: drive and kernel32.exe (identical to babylonia.exe) into the Windows\System directory. Kernel32.exe is registered as an auto-run application under HKLM\Software\Microsoft\Windows\CurrentVersion\Run. Note that the dropped file is kernel32.exe, chosen to resemble the legitimate Windows kernel32.dll.

Ircworm.dat
This plug-in tries to send Babylonia, disguised as a Y2K bug fix, to users of Internet Relay Chat (mIRC), one of the largest and best-known online chat communities in the world. The files it tries to send to any user joining a chat room are 2kBug-MircFix.EXE and 2kbugfix.ini.

Poll.dat
The Poll.dat plug-in sends an e-mail to a Hotmail account so that the author can count the number of infected machines.
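The update loop described above (fetch virus.txt every 60 seconds, then pull each plug-in it lists) leaves a characteristic pattern in web proxy logs. The following Python script is an added example, not part of the original description or of any vendor tool: it parses constructed proxy log lines (the host name update.example.net, the client addresses and the timestamps are all made up for the illustration), finds clients that fetch an index file at a near-constant 60-second cadence, and lists the other files the same client pulled from that host. The log format, the regularity threshold and the period are assumptions of the example.

```python
"""Hunt for a Babylonia-style update loop in web proxy logs: a client that
fetches the same index file at a fixed cadence and then pulls the files it
lists. Added example; SAMPLE_LOG and every host/address in it are made up."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed log format: "<ISO time> <client> <method> <url> <status> <bytes>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3}) (\d+)$")
URL_RE = re.compile(r"^https?://([^/]+)(/\S*)$")

SAMPLE_LOG = """\
2000-01-05T10:00:02 10.0.0.7 GET http://update.example.net/virus.txt 200 70
2000-01-05T10:00:03 10.0.0.7 GET http://update.example.net/greetz.dat 200 412
2000-01-05T10:00:03 10.0.0.7 GET http://update.example.net/ircworm.dat 200 9831
2000-01-05T10:00:04 10.0.0.7 GET http://update.example.net/dropper.dat 200 9402
2000-01-05T10:00:04 10.0.0.7 GET http://update.example.net/poll.dat 200 1203
2000-01-05T10:00:31 10.0.0.9 GET http://www.example.org/index.html 200 5120
2000-01-05T10:01:02 10.0.0.7 GET http://update.example.net/virus.txt 200 70
2000-01-05T10:02:03 10.0.0.7 GET http://update.example.net/virus.txt 200 70
2000-01-05T10:02:40 10.0.0.9 GET http://update.example.net/virus.txt 200 70
2000-01-05T10:03:01 10.0.0.7 GET http://update.example.net/virus.txt 200 70
2000-01-05T10:04:02 10.0.0.7 GET http://update.example.net/virus.txt 200 70
2000-01-05T10:04:40 10.0.0.9 GET http://www.example.org/news.html 200 8210
2000-01-05T10:09:00 10.0.0.9 GET http://www.example.org/index.html 200 5120
"""


def parse_log(text: str) -> list:
    """Turn log lines into (timestamp, client, host, path, status) tuples."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        u = URL_RE.match(m.group(4)) if m else None
        if not u:
            continue                        # skip lines that do not fit the format
        ts, client, _method, _url, status, _size = m.groups()
        events.append((datetime.fromisoformat(ts), client, u.group(1), u.group(2), int(status)))
    return events


def find_update_beacons(events, index_name="virus.txt", period=60.0,
                        tolerance=5.0, min_hits=3, min_regular=0.75):
    """Per (client, host), collect successful fetches of index_name and report
    the pairs whose gaps between fetches mostly sit within tolerance of period,
    together with the other files the client pulled from that host."""
    index_hits = defaultdict(list)
    other_files = defaultdict(set)
    for ts, client, host, path, status in events:
        if status != 200:
            continue
        fname = path.rsplit("/", 1)[-1]
        if fname == index_name:
            index_hits[(client, host)].append(ts)
        else:
            other_files[(client, host)].add(fname)
    findings = []
    for (client, host), stamps in index_hits.items():
        if len(stamps) < min_hits:          # a single visit is not a beacon
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        regular = sum(abs(g - period) <= tolerance for g in gaps) / len(gaps)
        if regular >= min_regular:
            findings.append({"client": client, "host": host, "fetches": len(stamps),
                             "median_gap_s": median(gaps),
                             "plugins": sorted(other_files[(client, host)])})
    return findings


if __name__ == "__main__":
    for f in find_update_beacons(parse_log(SAMPLE_LOG)):
        print(f)
```

On the constructed log only 10.0.0.7 is reported: five fetches of virus.txt with a median gap of 60.5 seconds, and the four .dat files it pulled from the same host. The single fetch by 10.0.0.9 stays below min_hits, which is the point of requiring several regularly spaced requests rather than matching on the file name alone.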
When infecting files, Babylonia is able to include the plug-ins in the host file. The list above is the set of plug-ins as of 12/7/99. The virus.txt file on the Internet can be modified at any time to list additional plug-ins, which would then be downloaded to augment or completely replace the current set. This self-updating capability is what makes Babylonia especially dangerous: the payload on any given day is whatever the author chooses to publish. Examples of damaging things a plug-in could easily do include:
· Formatting a hard drive
· Deleting files
· Collecting and sending sensitive information (credit information, certificates, etc.)
· Installing a Y2K-specific attack
Check with your antivirus vendor for the latest updates.