The Unofficial Access Virus & Virus TI Forum - since 2002


test2004 04.09.2003 06:32 PM

Bluster - I-Worm "JS.GeoVisit" [b]
 
I see many people have problems with this strange Trojan.
First, I want to specify that JS.GeoVisit is not always an I-Worm, but can be -very often- a Blaster Trojan.
It can be "stealth", act like a server or simply like a cookie.
Information about this Trojan is really scarce, but it was determined that it is used by international Internet security agencies [Interpol - Guardia di Finanza - State Police: Internet Department etc...] to monitor access to illegal sites -generally underground/warez/underage porn-. I found some of these I-Worms on Arabic pages. I can't translate from Arabic, but I'm pretty sure that the pages could contain reactionary/revolution-based argument forums, and some USA security agency wants to monitor them. The I-Worm was located on music/games trade forums, especially Spanish forums.
Lots of the trojan's servers are located on YAHOO/GEOCITIES sub pages too: JS.GeoVisit is attached with java [Ex. [...]/script><script language="JavaScript" src="http://www.geocities.com/js_source/geov2.js">.geovisit() or /js_source/geov2.js"></script><script language="javascript">geovisit()] and it can infect your PC by attaching a server located in [IE.5] "Local Settings\Temporary Internet Files\Content.IE5" [for Windows XP users], named like "IELib9[x].js" [x = copy number].
JS.GeoVisit does not do serious damage to your files or folders but can log all keys in your registry.
It communicates through different ports, UDP: 1900 or TCP: 1036/5/4/ [some people assure that JS can transmit through port 5000 too but I never checked it]


Today about 2126 HTML pages are infected by this ultra-stealth I-Worm and more than 10.000 users were infected by the trojan, and most of them do not know they are infected. To have real confirmation, try searching www.google.com for "js.geovisit" and look for the headers ">.geovisit()"


>> Pay attention: NO antivirus finds it! Only two small anti-trojan programs can find it: Anti GhostBusters [www.antiy.net] and The Cleaner [www.simtel.net]. This is because there is a stealth trade between the provider of JS.GeoVisit and the most famous antivirus company. <<

[thexxx]*
-=[/ReaLwAReZ\]=-

TommyS 04.09.2003 09:37 PM

Yeah. Just what the bloke said.

:D

udenjoe 05.09.2003 05:33 AM

Is it about condoms?






This may be useful. Some idiot at work downloaded that Sobig virus. I had to figure out how to get rid of it. Another plus in using Mac: not that many virus worries.

