W32.Mineup.Worm


Aliases: W32/Petik@MM
Variants: I-Worm.Winmine, W32/PetTick@MM

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: North and South America, Australia, Europe, Asia
Removal: Easy
Platform: W32
Discovered: 05 Jul 2001
Damage: Low

Characteristics: This threat disguises itself as an update to a game included with the installation of the operating system. W32/Petik@MM consists of two elements: its main executable file and a Visual Basic Script component. The Visual Basic Script component is responsible for sending the executable file to all contacts in the address book of the operating system's default email client. The malware executes code on the 15th of every month.

More details about W32.Mineup.Worm

This threat was programmed in a high-level language and is specific to a component of the operating system. Upon execution, W32/Petik@MM verifies the location from which it was launched. If that location is not within the operating system's directory, it displays an alert message informing the computer user that it is the last update for a computer game. The malware attempts to look authentic by including the name of the developer of the operating system in the window title. If the unsuspecting user clicks the OK button of the message box, W32/Petik@MM proceeds to copy its executable file into the same location where the operating system files are stored.

When W32/Petik@MM is launched directly from the operating system's directory, it generates a VBS file in the root directory of the main hard drive of the infected computer system. This file is executed immediately without user intervention and allows W32/Petik@MM to send an executable file to all contacts found in the address book of the operating system's default email client. W32/Petik@MM also checks whether it is the 15th of the month and, if so, delivers its payload: swapping the functionality of the mouse buttons.