<html>
<head>
<meta name="description" content="Sophos virus analysis">
<meta name="keywords" content=" W32/Cult-B I-Worm.Cult-B sophos anti-virus anti virus antivirus sweep viruses">
<title>Sophos virus analysis: W32/Cult-B</title>
<!-- SOPHOS Head: start --><meta name="MSSmartTagsPreventParsing" content="TRUE">
<script type="text/javascript" src="/javascript/frameworkpreload.js"></script>
<script type="text/javascript" src="/javascript/basic.js"></script>
<link href="/sophos/styles/sophos.css" rel="stylesheet" type="text/css">
<link href="/sophos/styles/menu.css" rel="stylesheet" type="text/css">
<!-- SOPHOS Head: end -->
</head>
<BODY background="/images/eng/framework/background-1600.gif" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#FFFFFF">
<a name="top"></a>
<!-- SOPHOS Header: start -->
<a name="TOP"></a>
<table summary="" width="668" border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" bgcolor="#A2B1AE" background="/images/common/interface/spacer_a2b1ae.gif"><img src="/images/common/interface/spacer.gif" alt="" width="1" height="10"></td>
<!-- End menu -->
<td width="500" valign="top" colspan="12"><!-- Start subheading -->
<table summary="" border="0" cellpadding="0" cellspacing="0" width="491">
<tr>
<td
width="100%" align="right" valign="top"><img src="/images/common/interface/linepointleft.gif" width="480" height="11" border="0" alt=""></td>
</tr>
</table>
<br>
<!-- End subheading -->
<table summary="" border="0" cellpadding="8" width="100%">
<tr>
<td width="100%" valign="top">
<!-- SOPHOS Header: end -->
<table border="0" cellpadding="3" cellspacing="3" width="100%">
<tr><td><h3>W32/Cult-B</h3></td></tr>
<tr><th class="DividerStandard" align="left" nowrap="nowrap">Alias </th></tr>
<tr><td>I-Worm.Cult-B</td></tr>
<tr><td><img src="/images/common/interface/spacer.gif" width="1" height="1"></td></tr>
<tr><th class="DividerStandard" align="left" nowrap="nowrap">Type </th></tr>
<tr><td><a href="/virusinfo/articles/glossary.html#w32worm">Win32 worm</a></td></tr>
<tr><td><img src="/images/common/interface/spacer.gif" width="1" height="1"></td></tr>
<tr><th class="DividerStandard" align="left" nowrap="nowrap">Detection</th></tr>
<tr><td>A virus identity (IDE) file that provides protection is now available from the <b><a href="/downloads/ide/">Virus identities</a></b> section, and will be incorporated into the May 2003 (3.69) release of Sophos Anti-Virus.<p>At the time of writing, Sophos has received just one report of this worm.</p></td></tr>
<tr><td><img src="/images/common/interface/spacer.gif" width="1" height="1"></td></tr>
<tr><th class="DividerStandard" align="left" nowrap="nowrap">Description </th></tr>
<tr><td><p>W32/Cult-B spreads over the KaZaA file-sharing networks and by emailing itself to random addresses.
</p>
<p>The email has the following characteristics: </p>
<p><b>Subject: </b>Hi, I sent you an eCard from BlueMountain.com<br><b>Message text: </b>To view your eCard, open the attachment If you have any comments or questions, please visit http://www.bluemountain.com/customer/index.pd<br><b>Attached file: </b>BlueMountaineCard.pif </p>
<p>When first run, the worm moves itself to the Windows system folder under the filename wuauqmr.exe and creates the following registry entries so that wuauqmr.exe is run automatically each time Windows starts: </p>
<p>HKLM\Software\Microsoft\Windows\CurrentVersion\Run\<br>NvCpTDaemon = wuauqmr.exe<br>HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\<br>NvCpTDaemon = wuauqmr.exe </p>
<p>The worm creates the folder jdfghtrg in the Windows system folder and copies itself into it using the following filenames: </p>
<p>The worm shares the jdfghtrg folder on the KaZaA networks by creating the registry entry: </p>
<p>HKCU\Software\Kazaa\LocalContent\Dir0<br>= 012345:%SYSTEM%\jdfghtrg\ </p>
<p>Each time the worm is run, it carries out a denial-of-service attack against www.chat-planet.nl or chat.planet.nl by continually creating and destroying connections to the chosen site.</p></td></tr>
<tr><td><img src="/images/common/interface/spacer.gif" width="1" height="1"></td></tr>
<tr><th class="DividerStandard" align="left" nowrap="nowrap"> Recovery </th></tr>
<tr><td> Please read the <a href="/support/disinfection/worms.html">instructions for removing worms</a>.</td></tr>
<tr><td><img src="/images/common/interface/spacer.gif" width="1" height="1"></td></tr>
</table>
<!-- SOPHOS Footer: start --></td></tr></table>
<br><br><br>
</td>
</tr>
<tr>
<td width="160">&nbsp;</td>
<td valign="bottom" align="left" colspan="6">&nbsp;</td>
<td
valign="bottom" align="right" colspan="6"><a href="/"><img src="/images/common/sophos-logos/sophos103x23.gif" alt="Sophos logo" width="103" height="23" border="0"></a><img src="/images/common/interface/spacer.gif" alt="" width="15" height="1"></td>  </tr>  </table>   <!-- SOPHOS Footer: end -->  </BODY>  </html> 
