W32.Enviar.A


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Moderate
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 31 Oct 2001
Damage: Low

Characteristics: W32.Enviar.A is a worm written in Visual Basic. It uses Winsock OCX calls to send itself as email directly to an SMTP mail server. Believed to originate from Portuguese, it then finds files that are inside the “C:\Windows\Favoritos\ folder.” From this folder it automatically generates email address to send itself to. It then creates email with one of the following (Portuguese) subjects, “Suas Compras, Submarino - Confirmacao de Pedido, Americanas - Troca de Pedidos, Oi Gatinha !!! Relatorio de Despesas, Curriculum Vitae Detetive Gustavo, DVDs/CDs, Saudades de Voce, Dicas de Seguran Fa Clube Zeze di Camargo & Luciano, Musicas Cifradas, Entrevista - Ultima Chamada Sugestoes de Canais, Directv - Promocao Especial, Vestibulares - Manuais e Cabaritos Jogo do Milhao, Provedor America Online, Compra de Revistas Turismo & Cia and Alo Galera...Onde estao ?” You may also take note of the sender. The emails contains sender names such as uol.com.br, bol.com.br, zipmail.com.br and ieg.com.br. This worm also uses SMTP server through Worldcomputers.com.

More details about W32.Enviar.A

Worm such as this, are as damaging as it can be. Furthermore, it may also risk on hacking confidential data or files in the computer. As such, it is also a good practice to remember few but basic steps in protecting your computer by denying all incoming connections and allowing services you trusted and really know. Passwords creation is also a key in protecting files and programs from viruses. Auto play facility in your computer should be disabled to further prevent the automatic launching of executable files on network and removable drives. You should also disconnect the drives when not required. File sharing should also be turned off if it is not needed. Do not always install or turn on computer services that popped up in your screen.

The W32.Enviar.A program allegedly has the capability to make multiple copies of itself. This ability is only seen on worms and viruses. Aside from self-replicating, the W32.Enviar.A application is believed to distribute itself to other networks as well. Reports state that its target computers are those connected to networks with poor protection. Several methods may possibly be used by this worm to distribute copies of it. It can send mass instant messages with links to its copies. It may also send out spam emails with an attached copy of itself or a link to an infected website. This worm can likewise use P2P networks and applications for threat propagation.