W32.Blebla.Worm


Aliases: I-Worm.Blebla.b [KAV], W32/BleBla.b@MM [McAfee], WORM_BLEBLA.B [Trend], W32/Verona-B [Sophos], Win32.Verona.B [CA]
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreading
Spreading: slow
Geographical info: Australia, North and South America, and some parts of Asia
Removal: Easy
Platform: W32
Discovered: 15 Nov 2000
Damage: Low

Characteristics: The W32.Blebla.Worm program infects computers through the use of an email message.

More details about W32.Blebla.Worm

The W32.Blebla.Worm program uses attachment names such as Myjuliet.chm, Myromeo.exe, Xromeo.exe and Xjuliet.chm. Users should be cautioned not to open the email message because it automatically adds and saves itself when launched. When it is executed, the worm send itself out to all names in your Microsoft Outlook address net mail servers located in Poland. The newsgroup alt.comp.virus is also this worms target in spreading out. Another symptom is that it also changes registry keys, so that it is run when certain file types are viewed or executed. If you are lucky and the worm didn’t automatically save and send out emails, it does not damage your system. You may also see files named as Xromeo.exe, Xjuliet.chm, 001.txt, 002.txt and Sysrnj.exe. These filenames exist when the worm is present in your computer. Accordingly, it affects Windows 95, Windows 98, Windows 2000, and Windows Me but is limited to Macintosh, Windows NT, OS/2, UNIX and Linux. You cannot also physically just navigate or browse the file for it will not be found. You will know when this virus is sent when you see a subject named “Romeo&Juliet,”where is my Juliet,”where is my romeo,”hi,”last wish,”lol,” newborn,”merry Christmas,”surprise,”Caution: NEW VIRUS,”scandal, and ”Re.”

The W32.Blebla.Worm program spreads to other computers through shared networks and e-mails. The program scans the affected computer for e-mail addresses. It then e-mails itself to the gathered e-mail addresses as a means of propagation. It uses its own e-mail protocol to be able to send the messages. The program also infects files that can be found in shared networks that are not protected. A computer that is connected to the affected system may easily be infected with this worm program.