W32.Cone.B@mm


Aliases: N/A
Variants: W32.Cone@mm

Classification: Malware
Category: Computer Worm

Status: dormant
Spreading: moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: hard
Platform: W32
Discovered: 29 Feb 2004
Damage: Low

Characteristics: W32.Cone.B@mm is a mass-mailing worm that uses Internet email to spread and multiply.

More details about W32.Cone.B@mm

This program uses email to collect files from the compromised computer. The worm sends itself to the email addresses it gathers from the files on an infected computer. The attachment may have an .exe, .scr, or .zip file extension. It also alters the local hosts file to prevent access to various websites. W32.Cone.B@mm is a variant of W32.Cone@mm.

Upon execution, the worm creates the files C:\Debug.A.log and %Windir%\W32.Cyclone.htm. These newly created files are not considered malicious and can simply be deleted. It also copies itself to the Windows directory and creates the files %Windir%\svchost.exe and %System%\1enel.dll. It also creates a mutex, "C-one." This mutex allows only one instance of the worm to execute.

This worm also stops the autoprotect service, so many files may be compromised. If Kazaa is installed, it also copies itself to the Kazaa shared folder/received folder under these file names: Screensaver-Hot Girls-part%d.scr, Winamp5.01.exe, BAD-GIRLS(Playboy)-screensaver.scr and Playboy-Screensaver-Nov-03.scr. It also continuously searches for files with extensions such as .mbx, .wab, .html, .eml, .htm, .asp, .shtml, .txt, and .dbx. It usually browses these folders automatically: the Internet cache folder, the My Documents folder, the default profile folder for Mozilla, and the Microsoft Address Book folder. If successful, it retrieves email addresses from any files found in the Outlook Express folder.
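The file artifacts and Kazaa file names listed in the description above can be checked against a file listing exported from a host. The following is an added example, not part of the original write-up or any vendor tool: the function names are hypothetical, the default expansion of %Windir% to C:\Windows and %System% to its System32 subfolder is an assumption (older Windows versions use a System folder instead), the Kazaa names are matched by file name in any folder, and the sample listing is constructed.

```python
import ntpath
import re

# Artifact paths and Kazaa file names exactly as listed in the description above.
ARTIFACTS = [r"C:\Debug.A.log", r"%Windir%\W32.Cyclone.htm",
             r"%Windir%\svchost.exe", r"%System%\1enel.dll"]
KAZAA_NAMES = ["Screensaver-Hot Girls-part%d.scr", "Winamp5.01.exe",
               "BAD-GIRLS(Playboy)-screensaver.scr",
               "Playboy-Screensaver-Nov-03.scr"]

def expand(path, windir=r"C:\Windows", system=None):
    """Resolve %Windir% / %System% placeholders (defaults are assumptions)."""
    system = system or ntpath.join(windir, "System32")
    for token, value in (("%windir%", windir), ("%system%", system)):
        path = re.sub(re.escape(token), lambda _m, v=value: v, path, flags=re.I)
    return ntpath.normcase(ntpath.normpath(path))

def name_pattern(template):
    """Compile a file-name template to a regex; %d stands for a number."""
    literal = [re.escape(part) for part in template.split("%d")]
    return re.compile(r"\d+".join(literal) + r"\Z", re.I)

def scan(listing, windir=r"C:\Windows", system=None):
    """Return (path, reason) pairs for entries matching the listed artifacts."""
    wanted = {expand(a, windir, system): a for a in ARTIFACTS}
    patterns = [name_pattern(n) for n in KAZAA_NAMES]
    hits = []
    for raw in listing:
        norm = ntpath.normcase(ntpath.normpath(raw))
        if norm in wanted:
            hits.append((raw, "artifact: " + wanted[norm]))
        elif any(p.match(ntpath.basename(raw)) for p in patterns):
            hits.append((raw, "Kazaa file name"))
    return hits

# Constructed file listing for illustration (not taken from a real host).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",  # normal location, must not match
    r"c:\windows\SVCHOST.EXE",           # copy in %Windir%
    r"C:\WINDOWS\system32\1enel.dll",
    r"C:\Program Files\Kazaa\My Shared Folder\Screensaver-Hot Girls-part3.scr",
    r"C:\Users\a\Winamp5.01.exe.txt",    # similar name, must not match
    r"C:\debug.a.log",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE):
        print(f"{path}  <-  {reason}")
```

The comparison is case-insensitive and path-exact, so the legitimate svchost.exe in the System32 folder is not reported while a copy directly under %Windir% is.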