W32.Langex@mm


Aliases: Email-Worm.Win32.Langex, I-Worm.Langex, W32/Langex@MM, Win32.Langex.3072, W95/Langex-A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 28 Jul 2002
Damage: Low

Characteristics: W32.Langex@mm is a mass-mailing worm. It uses MAPI to spread itself to other systems. The subject of the mail varies since the worm simply replies to emails it finds on an infected computer. It contains the attachment named lang.exe. This worm does not have any payload.

More details about W32.Langex@mm

The worm W32.Langex@mm uses the Internet for propagation. It spreads itself as an attachment through email. It is a Windows PE EXE file of about 3Kb written in Assembler. It uses MAPI to search email messages in the mailbox. It also replies to those whose body does not begin with "CLIE." The worm prepends "Re:" to the subject if the original subject did not begin with "Re:”. It has an attachment with the filename lang.exe. The message body starts with: “CLIENT NOTICE: the recipient viewed your…” The worm then deletes the original message after it has replied to it. It does not perform any other actions. It also does not launch automatically nor attach itself to a system. The worm only executes when the attachment is clicked.

Although the worm does not severely damage the system, it can be a problem when it comes to email messages. When the W32.Langlex program is present in the user’s computer, it reportedly creates undesirable effects to the victimized computer. The W32.Langlex program allows other installations to run even without the user’s consent. It permits confidential and personal information to be shared to undisclosed and unknown parties. User’s files and other undesirable network connections may also be opened that could cause severe degradation of the computer as to its performance and integrity.