1,545
edits
Nemesis6051 (talk | contribs) No edit summary |
No edit summary |
||
(8 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
{{Lost}} | {{Lost}} | ||
{{Infobox | {{Infobox | ||
|title = | |title = Blackcom | ||
|maker = | |image = VBScript_icon.png | ||
|type = | |maker = FlashUpload | ||
|type = Application | |||
|date = 2009 | |date = 2009 | ||
|imagecaption = The '''BLACKCOM.VBS''' icon. | |||
}} | }} | ||
When launched, it displays a false MSWORD.exe error message that reads: | '''Blackcom''' is a [[screamer]] [[application]] created by FlashUpload. It was written in [[wikipedia:VBScript|VBScript]]. | ||
After a couple seconds, it displays binary | When launched, it displays a false MSWORD.exe error message that reads: "Microsoft Word cannnot open this document because it contains characters MSWORD.EXE does not understant". | ||
After a couple seconds, it displays a false binary error message that reads:<pre> | |||
Microsoft Word Cannot Complete The Operation Requested Due To Security Risks | Microsoft Word Cannot Complete The Operation Requested Due To Security Risks | ||
Please include the following in your error report | Please include the following in your error report | ||
01011001 01101111 01110101 00100000 01000111 00100000 01110100 00100000 01100101 00100000 00100000 00100000 | |||
01011001 01101111 01110101 00100000 01000111 00100000 01110100 00100000 01100101 00100000 00100000 00100000 | |||
</pre> | </pre> | ||
This message is then followed by [[wikipedia:Microsoft_text-to-speech_voices#Windows_2000_and_Windows_XP|Microsoft Sam]] saying: "CAUTION! A virus has been detected." | This message is then followed by [[wikipedia:Microsoft_text-to-speech_voices#Windows_2000_and_Windows_XP|Microsoft Sam]] saying: "CAUTION! A virus has been detected." | ||
Blackcom then displays more | Blackcom then displays more fake error messages about svchost.exe and DRVSTORE, then displays a message stating: "An important system file is not found and WINDOWs can no longer run." | ||
After several seconds pass, the trojan initiates a system shutdown and corrupts | After several seconds pass, the trojan initiates a system shutdown and corrupts "hal.dll" in the System32 directory, rendering Windows unbootable. Furthermore. Blackcom will change the homepage to a [[YouTube]] [[screamer]], but it is unknown what the screamer was. | ||
==Showcases== | == Showcases== | ||
<u>NOTE</u>: Although this trojan contains a [[screamer]], it is not visible in these showcases. | <u>NOTE</u>: Although this trojan contains a [[screamer]], it is not visible in these showcases. | ||
<div style="text-align: center;"> | <div style="text-align: center;"> | ||
Line 32: | Line 33: | ||
{{Maliciousnav}} | {{Maliciousnav}} | ||
{{Comments}} | {{Comments}} | ||
[[Category: | [[Category:Malware]][[Category:2009]] | ||
[[Category:2009]] | |||
[[Category:Other makers]] | [[Category:Other makers]] | ||
[[Category:Malicious scripts]] | [[Category:Malicious scripts]] | ||
[[Category:Applications]] | [[Category:Applications]] | ||
[[Category:Other scary images]] | [[Category:Other scary images]] |
edits