Bigbrother
Type: Email worm
Creator: Lord Yup
Date Discovered: 2002.08.01
Place of Origin: Poland
Source Language: Assembly
Platform: MS Windows
File Type(s): .exe
Infection Length: 12,800 bytes

Bigbrother, also known as Bibro, Livecam or Sitlund (or some variation on these names), is a worm by Lord Yup.

Behavior

Bigbrother arrives in an email as the attachment "BigBrother_Live_Camera.exe". The sender is shown as "BIGBROTHER TVN POLSKA" <bigbrother@bigbrother.tvn.com.pl> and the subject is "BIGBROTHER SHOW !". The message body is in Polish:

Teraz mozesz ogladac BIG BROTHER SHOW za pomoca komputera! Jak to
zrobic? Wystarczy ze uruchomisz specjalny program
(BIGBROTHER_LIVE_CAMERA.EXE) , ktory zostal dolaczony do wiadomosci.
Ponadto za pomoca tego narzedzia mozesz nominowac wybrane przez ciebie
osoby, do opuszczenia domu Wielkiego Brata. Co miesiac rozlosowane beda
nagrody (telewizory, wieze stereo,
komputery ...i wiele ,wiele innych). Prosimy przysylac
opinie i komentarze na temat programu.
Zyczymy milej zabawy:
Redakcja programu.

Translation:

Now you can watch the BIG BROTHER SHOW on your computer! How to
do it? Just run the special program
(BIGBROTHER_LIVE_CAMERA.EXE), which is attached to the message.
In addition, with the help of this tool you can nominate the people
you choose to leave the Big Brother house. Each month, prizes will be
drawn (TVs, stereos, computers ... and many, many others). Please send
opinions and comments about the program.
We wish you lots of fun:
The program's editorial team.

When Bigbrother is executed, it copies itself to the Windows temporary folder as 000000s.b64 and to the system folder as b1g_brother.exe. It adds the line " run=C:\%System%\b1g_brother.exe" to the Win.ini file, so that the worm runs each time the computer is started.
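A defender can check for the Win.ini persistence described above by listing the autostart entries in the file. The following is an added example, not code from the worm or from the original page; the sample Win.ini contents and the C:\WINDOWS\SYSTEM path are constructed, and splitting program lists on spaces and commas is a simplifying assumption.

```python
import ntpath
import re

# Indicator from the page: the copy dropped in the system folder.
KNOWN_BAD_NAMES = {"b1g_brother.exe"}
AUTOSTART_KEYS = {"run", "load"}  # win.ini [windows] keys that launch programs at startup

def winini_autostart(text):
    """Return (key, program) pairs from run=/load= lines in the [windows] section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate the leading space seen in " run=..."
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+?)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        # The page does not say which section the line lands in, so entries
        # that appear before any section header are reported as well.
        if key in AUTOSTART_KEYS and section in (None, "windows"):
            # Simplification (assumption): programs are split on spaces and commas.
            for prog in re.split(r"[,\s]+", value.strip()):
                if prog:
                    entries.append((key, prog))
    return entries

def flag_bigbrother(text):
    """Return autostart programs whose file name matches the page's indicator."""
    return [prog for _, prog in winini_autostart(text)
            if ntpath.basename(prog).lower() in KNOWN_BAD_NAMES]

# Constructed sample win.ini, not taken from an infected machine.
SAMPLE = """\
; for 16-bit app support
[windows]
load=
 run=C:\\WINDOWS\\SYSTEM\\b1g_brother.exe
[fonts]
run=ignored.exe
"""

if __name__ == "__main__":
    for hit in flag_bigbrother(SAMPLE):
        print("suspicious win.ini autostart entry:", hit)
```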

The worm creates the file 00000b.rat, which is in email format. It searches the registry for information on the system's SMTP server and the current user. It then searches all *.htm* files in the user's personal folders and sends a copy of itself to every email address it finds.

Effects

There was one reported wild infection. The worm probably did not venture far from Lord Yup's lab.

Sources

Lord Yup. Bigbrother Source.

Yana Liu. Symantec.com, W32.Siltund.Worm.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License