W32.Rarbeauty@mm


Aliases: W32/Rarbeauty@MM, Worm.W32/Rarbeauty@MM
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 07 Dec 2007
Damage: Low

Characteristics: W32.Rarbeauty@mm is a mass-mailing worm. It spreads by attaching itself to emails sent to all Microsoft Outlook contacts. The worm is a slow infector. It causes low damage to an infected computer. It can be removed easily by using an updated antivirus software.

More details about W32.Rarbeauty@mm

W32.Rarbeauty is a mass mailing worm. It infects Windows systems and spreads by attaching itself to emails sent to all Microsoft Outlook contacts. When executed, the worm copies itself as the following files: ctfmon.exe in Windows\Help folder; msconfig.exe, regedit.exe and regedit32.com in Windows System folder; svchost.exe in Windows\Web folder; autorun.inf in Root of the Drive; and (File_Name).exe in Windows\(Folder_Name) folder. It also copies itself to all folders on all drives or overwrites any file it finds in the following pattern: (DriveLetter)\(Folder_Name)\(Folder_Name).exe. The worm also overwrites notepad.exe and regedit.exe present in the Windows System folder. The worm modifies the registry to make sure it loads itself during each startup. The worm sends itself as an email attachment to all outlook contacts using various subject titles and attachments.

The W32.Rarbeauty@mm software is spread as another file. The programmer that wrote it may send it via spam messages on e-mail or instant messages. It may also be spread via IRC (Internet Relay Chat). The user may think it is a popular movie or music file on a file-sharing network. It may also be bundled with free software spread on download sites. Other malware programs can also download and install the application. It may also be spread via drive-by-downloads.