W32.Emsenush.A


Aliases: W32.Emsenush.A, W32/Emsenush
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 28 May 2008
Damage: Low

Characteristics: Reports say that this worm propagates to windows instant messaging clients. It crawls to all Windows Operating Systems such as Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003 and Windows 2000. The worm uses different instant messaging platforms to send and drop a variant of this worm. If it finds an instant messaging platform, the virus automatically executes itself on the system of the computer.

More details about W32.Emsenush.A

Once the virus is currently installed in your computer, the worm multiplies itself to the system directory. One characteristic of this worm is that it may come as a link contained in an instant message. So users must be warned to not always install or turn on computer services that popped up in your screen. These are critical avenues they usually attack. The worm also has monitoring and checking ability through which the worm may check on the compromised computer’s Internet connectivity. Consequently, the worm also attempts to download an update itself, if Internet connectivity is present. Upon connecting from the Internet, the worm automatically sends message to all the contacts of the compromised computer’s instant messaging contacts.

This worm displays the message, “it watches this animation of bush :P” and “mira esta animacion de bush :P.” The message also includes a link to itself. The infected computer can be instructed to connect to a specific IRC server and channel. Programs may be run in the system with visible or hidden program windows. Error screens may suddenly fill the screen of the infected computer. These may also disappear unexpectedly. A fatal system error may be generated with text from the unauthorized remote user. The Windows operating system may be closed and the system restarted. The hard drive may be formatted without asking for user approval.