BleBla
BleBla is a mass mailing worm that spreads itself by sending its copies to addresses listed in the infected users address book and also to the alt.comp.virus newsgroup.
BleBla is sent as in HTML format with 2 attachments that execute automatically: MyJuliet.CHM and MyRomeo.EXE. BleBla activates itself automatically when an infected message is being opened or previewed. To activate itself the worm uses vulnerability in Windows scripting security: the worm CHM component is able to run EXE program by a scripting object that is listed in "safe for scripting", so no Warning messages are displayed when the worm runs its components.
When it is run, BleBla opens Windows Address Book, reads Email addresses from there and sends its HTML message with attached CHM and EXE files to there. To send infected messages BleBla connects to one of six SMTP servers located in Poland. The message has the Subject that is randomly selected from the list:
Romeo&Juliet
:))))))
hello world
!!??!?!?
subject
ble bla, bee
I Love You 😉
sorry...
Hey you !
Matrix has you...
my picture
from shake-beer
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.