W32.Ackantta.B@mm
Aliases: W32/Xirtem@MM!8b1f20b9, Generic Dropper.p!925a4a25cfa5, Win32.Outbreak!IK, Trj/Buzus.AH
Variants: Trojan.Vundo, For Love or Money—Social Engineering by W32.Ackantta.B@mm, Trojan.Awax
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, Europe, North and South America
Removal: Hard
Platform: W32
Discovered: 25 Feb 2009
Damage: Medium
Characteristics: W32.Ackantta.B@mm is a mass-mailing worm. Once on a vulnerable system, it attempts to harvest email addresses stored on the machine and uses them to target other computer systems and networks. It also spreads through shared folders and removable devices.
W32.Ackantta.B@mm Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Ackantta.B@mm from your computer.
More details about W32.Ackantta.B@mm
The W32.Ackantta.B@mm worm sends spam email messages and disables any active security applications on the vulnerable machine, presumably to further lower the security of the compromised machine. The email messages carrying this threat may use various subjects such as "Job Offer from Coca Cola", "You received a Hallmark E-Card", and "Thank You for your application", among others. The spam email may include an attachment named postcard.pdf.exe which, when clicked, may display animal cartoon images on the computer screen.

In the background, the W32.Ackantta.B@mm malware creates a copy of itself in the System folder using the javale.exe filename. It may also use the javame1.1.exe and javawx.exe filenames along with other randomly named DLL files. The malware likewise modifies certain registry key entries so that it loads on system startup. The Windows Registry is also used to inject its code into the Internet Explorer browser. Controlling the Web browser allows it to automatically connect to the http://whatismyip.com/automation/n09230945.asp address in order to detect the IP address used by the compromised machine. It then attempts to connect to a predetermined website in order to download other Trojans and worms onto the infected machine.

At the same time, the worm begins spreading itself using the entries found in the Windows Address Book. The severity and complexity of the infection caused by this malware make manual removal difficult and may require the use of dependable antivirus applications with updated engine and database files.
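As an added example (not part of the original entry or any vendor tool), the following mail-triage check flags the lure subjects and the decoy-plus-executable attachment naming described above. The subject strings and the postcard.pdf.exe name come from the description; the extension sets, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed sets: extensions Windows runs directly, and document types used as decoys.
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXT = {"pdf", "doc", "jpg", "gif", "txt", "zip"}
# Subject lines quoted in the description above, lower-cased for matching.
LURE_SUBJECTS = ("job offer from coca cola", "you received a hallmark e-card",
                 "thank you for your application")

def is_double_extension(filename):
    """True for names like postcard.pdf.exe (decoy extension, then executable)."""
    # Strip padding so "postcard.pdf   .exe" is caught as well.
    parts = [p.strip().lower() for p in filename.split(".")]
    return (len(parts) >= 3 and parts[-1] in EXECUTABLE_EXT
            and parts[-2] in DECOY_EXT)

def triage(raw_message):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    subject = str(msg.get("Subject", "")).lower()
    if any(lure in subject for lure in LURE_SUBJECTS):
        findings.append("lure-subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_double_extension(name):
            findings.append("double-extension:" + name)
    return findings

def build_sample(subject, filename):
    """Constructed sample message; the attachment holds harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("See the attached file.")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("You received a Hallmark E-Card", "postcard.pdf.exe")))
    print(triage(build_sample("Quarterly report", "report.pdf")))
```

A hit on the attachment name alone is the stronger signal, since the subject lines vary between campaigns.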