W32.Amani@mm


Aliases: W32/Animan-A, Win32/Amani.A@mm, WORM_ANIMAN.A, Win32:Animan, Win32.Amani.A@MM
Variants: Email-Worm.Win32.Animan, I-Worm.Animan, Win32.HLLM.Manimize.30720, BDS/Drat-130, Trojan.Lithium.Capture

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 30 Oct 2002
Damage: High

Characteristics: Characterized by its own Simple Mail Transfer Protocol engine, this mass mailing Worm is capable of harvesting the contents of the Windows Address Book to spread its payload.

More details about W32.Amani@mm

The W32.Amani@mm malware exploits the Multipurpose Internet Mail Extension to allow it to execute when an email message is previewed or read. The email message sent by the W32.Amani@mm malware has a subject line which may contain the text - Alert!, - Happy!, -Thank You !, - Important !, - Welcom!, and -You only see among others. The malware randomly chooses among these preferred subject lines. Every email message that is sent out by this malware includes the AntiMani.exe file attachment which the malicious author hopes will be executed by the unwary recipient. When the W32.Amani@mm malware is executed in the infected computer system, it launches a message box that contains the text "Your computer is not infected by New Viruse". The message box title is usually "Manimize".

Moreover, this virus is normally stores the AntiMani.exe file in the System folder of the Windows directory and has an archive, hidden, and system attribute. The Msacm16.dll, D3dim16.dll, and D3drm16.dll files are also created in the same folder location. The AntiMani.exe file also has a corresponding entry created in a certain Registry key folder. The message content of the email offers the computer user with a supposedly new antivirus application that is capable of removing a new Worm variant. The W32.Amani@mm malware in this instance can cause the downloading of more malware into the already infected computer system. Computer security experts also consider the W32.Amani@mm program as a type of tool for rogue antispyware programs.