W32.Fami.worm


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 16 Mar 2001
Damage: Low

Characteristics: W32.Fami.worm is a mass-mailing worm. It automatically sends messages to addresses in the compromised computer’s Microsoft Outlook address book. Reports have shown that this worm comes as a 104Kb executable file. As it was known, this worm spreads through an email message with the following subjectts, “Find you perfect match, whether you are married or not...” “Check your IQ... IQ Calculator attached...” “New Microsoft Messenger, Advanced Version of MSN Messenger attachéd” and “See the Family Photo, Bill Clinton on a donkey.”

More details about W32.Fami.worm

The message body contains, “How are you ? I am Fine. I don't know why you did not mail me back for my mails. Anyway check the family photo which I have sent as attachment. It's real funny. Hey, I will write a detailed letter later... Now I am little busy. Do not forget to send your opinions about the family photo to me.” Another message would be, “How are you ? I am Fine. I don't know why you did not mail me back for my mails. Anyway find your perfect match for your life. It is in the file attached. It doesn't matter if you are married or not. It's worth having a look. It's real funny. Hey, I will write a detailed letter later... Now I am little busy. Do not forget to send your opinions about the Perfect Match to me.” And lastly, “How are you ? I am Fine. I don't know why you did not mail me back for my mails. Anyway check the new released Microsoft Messenger. It is in the file attached. It doesn't matter if you are using another messenger right now. It's worth having a look. Please include me in your contact list. I am in ahuryy now. I am sure you will excuse me for now. We can chat later through the new messenger. It has advanced options like voice chat, multiple telephonic conversations etc. with lots of love.”

The worm is installed without the consent and knowledge of the user and by exploiting weaknesses it could locate in the user’s security settings. It can circumvent or even disable security software that has been installed by the user to make the worm’s entry into the system possible. Usual causes for this malware’s entry include unsafe Internet and computer usage practices such as downloading files from the Internet that probably carry the worm. Free applications and downloaded files from P2P networks are also potential sources of this worm. The program does not provide adequate procedures to uninstall thus making complicated any attempt to uninstall it.