Aliases: W32/Sponge@MM
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreading
Spreading: slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: hard
Platform: W32
Discovered: 23 Oct 2002
Damage: Low

Characteristics: The W32.Buzzard@mm program is considered as a mass-mailing worm that uses emails to multiply and propagate. The author chose to write it in a Visual Basic application packing it with tElock and UPX.

More details about W32.Buzzard@mm

The W32.Buzzard@mm program sends email with enticing subject and an attachment name that spreads the worm. W32.buzzard@mm is considered as a mass-mailing worm that uses emails to multiply and propagate. It contains email subjects like “hi,”new email address,”virus alert” and “happy birthday!”. It also contains attachments like gresge.exe, bsdkskshf.exe, nlddoe.exe and nfkrjhgr.exe. The message body on the other hand, contains texts saying, “here is the file i told you about. Dont tell anybody.shhhhhhhh.” Beware of these files and/or attachments that may come to your email address.

This threat was designed to invisibly download and execute other files and applications from a remote Web or FTP site. According to some websites, a computer user may be infected by this threat by means of visiting a malicious website or by downloading a file from a peer-to-peer network. It can also be gained through electronic mail attachments. Once this threat is activated, it automatically mounts itself to the system and checks for an Internet connection so it could start downloading its components on its affected system.