W32.Rusty@m


Aliases: Email-Worm.Win32.Rusty.b, Generic.Malware.SFMP!HPkTkoe.70974D3C, I-Worm/Rusty.A, W32/EmailWorm.LMU
Variants: W32/Rusty.B, Win32:Beagle-HO [Wrm], Worm.Mail.Rusty.b, Worm:Win32/Rusty.B@mm

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 15 Feb 2004
Damage: Low

Characteristics: The W32.Rusty@m program is an email worm that uses MAPI to propagate itself via Microsoft Outlook. It also copies itself to the folders of various instant messenger and file sharing programs. The worm affects Windows Operating System platforms such as Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, and Windows XP.

More details about W32.Rusty@m

The W32.Rusty@m program is an email worm that uses MAPI to propagate a copy of itself via Microsoft Outlook. It also copies itself to the folders of various instant messenger and file sharing programs. This worm affects all Windows Operating System platforms. The email message arrives with the subject “Mail Delivery System”, “Check this out!”, “Important information for you. Read it immediately!” or “” and an attachment named either “”, Body,.Html.exe, AvPc AntiAv.exe, or doc.exe. The worm is written in Visual Basic. Once it is executed on a system, it copies itself to a .exe file and adds, modifies and deletes registry values so that Task Manager is disabled. It attempts to create copies of W32.Rusty@m with differing sizes and uses MAPI in Microsoft Outlook to send itself to the first contact it finds in the Outlook address book.
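The subject lines and attachment names listed above can be checked at a mail gateway or during mailbox triage. The following Python is an added example, not part of the original entry; the double-extension rule generalises beyond the listed names and is an assumption, as are the constructed sample messages and the function names.

```python
# Added example: flag mail that matches the indicators listed in this entry.
from email import message_from_string
from email.message import EmailMessage

# Subjects and attachment names exactly as given in the entry (lower-cased).
SUBJECTS = {
    "mail delivery system",
    "check this out!",
    "important information for you. read it immediately!",
}
ATTACHMENTS = {"body,.html.exe", "avpc antiav.exe", "doc.exe"}


def rusty_indicators(raw_message):
    """Return the reasons a raw RFC 5322 message matches this entry."""
    msg = message_from_string(raw_message)
    hits = []
    # Collapse header folding and case before comparing the subject.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject:" + subject)
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        name = name.strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif name.endswith(".exe") and name.count(".") > 1:
            # Assumption: any document-looking name that really ends in .exe
            hits.append("double-extension:" + name)
    return hits


def _sample(subject, filename):
    # Constructed test message, not a captured sample of the worm.
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    print(rusty_indicators(_sample("Check this out!", "doc.exe")))
    print(rusty_indicators(_sample("Quarterly report", "report.pdf")))
```

A message that matches only on subject is weak evidence on its own, since “Mail Delivery System” also appears on legitimate bounce messages; the attachment match is the stronger signal.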

The W32.Rusty@m program may exploit security flaws, which may include security loopholes and programming errors. A remote hacker may use programming errors found in the system to find better ways of remotely controlling the computer. The application installs itself without the consent of the user. It may register itself in the system directories so that it launches every time the computer boots. The W32.Rusty@m program does not follow appropriate installation procedures and does not present an End-User License Agreement to the user.