
Win32.Rede.A@mm


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.Rede.A@mm is also known as N/A.

Explanation :

This is an Internet worm that spreads through e-mail.
It arrives in the following format:

Subject:
One of the following texts:

FW: Security Update by Microsoft.
FW: Microsoft security update.
FW: IT departments on state of HIGH ALERT.
FW: Important news from Microsoft.
FW: Stop terrorists computer viruses reign.
FW: Terrorists release computer virus.
FW: Emergency response from Microsoft Corp.
FW: Terrorist Emergency. Latest virus can wipe disk in minutes.
FW: Microsoft Update. Final Release Candidate.
FW: New computer virus.


Body:

Just recieved this in my email
I have contacted Microsoft and they say it's real !

-----Original Message-----
From: Microsoft Support Desk [mailto:Support@microsoft.com]
Sent: 17 October 2001 15:21
Subject: Security Update
Due to the recent spate of email spread computer viruses
Microsoft Corp has released a security patch.
Please apply the attached file to your Windows computer
to stop any futher spread or these malicious programs.
Regards

Attachment:
One of the files created by the virus.

Microsoft Support


Attachment:
One of the following file names:

Common.exe
Rede.exe
Si.exe
UserConf.exe
disk.exe




After the attachment is run, the virus copies itself to the following hidden files:
C:\Common.exe
C:\Rede.exe
C:\Si.exe
C:\UserConf.exe
C:\disk.exe

It adds the following keys to the registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Rede]
with value "C:\Rede.exe"
[HKLM\Software\Microsoft\Windows\CurrentVersion\ErrorHandling\Error]
with value "True"

It shows the following fake message box:

[Image: fake message box]

It then sends itself to all e-mail addresses found in Outlook's Address Book, in the same format as it arrives.

On 11/11/2001 it will add the following lines to c:\autoexec.bat:

ECHO Bide ye the Wiccan laws ye must, In perfect love and perfect trust.
format C: /autotest

so that after the next reboot drive C: is formatted automatically.

The virus contains the following Unicode strings:

When misfortune is enow, wear the blue star on thy brow.
True in love ye must ever be, lest thy love be false to thee.
These words the Wiccan Rede fulfill: An ye harm none, do what ye will.
Rede(c)Si 2001 ... heh, want my phone number too ?!?
Sick of all thes 3rd world gits spreading worms. Time for a bit of Welsh stuff :)

Last update 21 November 2011

 
