W32.Serot@mm


Aliases: I-Worm.Serotin, W32/Serot@MM, W32.Serot@mm, Win32.Benny.32768, Win32/Serot.A@mm
Variants: PE_SEROTON.A, Worm/Serotin, Win32:Serotin, I-Worm/Serotin, Win32.Serotonin.A@mm

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 28 Jan 2003
Damage: Low

Characteristics: W32.Serot@mm is an Internet worm. Also known as Worm Serotin or Seron, it multiplies via email.

More details about W32.Serot@mm

The W32.Serot@mm application is an Internet worm. A worm is a computer program designed to spread across computer networks by sending copies of itself to other computers on the network. Worm applications do not infect files but may include one or more threats leading to computer security compromise and information theft. An unsuspecting user typically installs a worm by unintentionally opening an e-mail attachment or a message that contains executable scripts. Once installed, the worm replicates itself on the user's system until it takes up all the available memory on the infected computer. This results in system slowdown and may even cause the computer to crash. A worm application may also affect the hard disk, which restricts the user from saving or creating new files.

When W32.Serot@mm runs, it terminates all the processes with strings such as firewall, dr. web, spider, kasper, nod32, virus, guard, anti, avp, amon, avg, rav, and avx. It then searches for and tries to infect all the MSIL executable files on drive C. It also sends itself to all the email addresses that it finds in the Internet Explorer cache folder and the Windows address book. The email is encoded in UTF-7, and the "from" address is support@microsoft.com. The email contains VB scripts that add the registry value "Serotin"; W32.Serot@mm deletes this registry value after the worm runs for the first time.
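
A mail-triage check for the three email traits described above (UTF-7 encoding, the support@microsoft.com sender, embedded VB script), added here as an example and not taken from the original entry. The sample message is constructed, and the `<script ... VBScript>` tag form and the names `triage` and `matches_entry` are assumptions, since the entry does not say how the script is embedded.

```python
import email
import re
from email import policy
from email.utils import parseaddr

SPOOFED_FROM = "support@microsoft.com"  # sender address given in the entry
UTF7_NAMES = {"utf-7", "utf7", "unicode-1-1-utf-7"}
# Assumed tag form; the entry only says the email "has VB scripts".
SCRIPT_RE = re.compile(r"<script\b[^>]*vbscript", re.IGNORECASE)

# Constructed sample, not a captured Serot message. In UTF-7, "<" is +ADw-,
# ">" is +AD4-, "=" is +AD0- and '"' is +ACI-, so no literal "<script" appears.
SAMPLE = (
    b"From: support@microsoft.com\r\n"
    b"To: user@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: text/html; charset="utf-7"\r\n'
    b"\r\n"
    b"+ADw-html+AD4-+ADw-script language+AD0-+ACI-VBScript+ACI-+AD4-"
    b"' constructed placeholder+ADw-/script+AD4-+ADw-/html+AD4-\r\n"
)

def triage(raw: bytes) -> dict:
    """Report which of the entry's email traits a raw message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    found = {"spoofed_sender": sender == SPOOFED_FROM, "utf7_part": False,
             "script_in_raw": False, "script_after_decode": False}
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # What a filter sees if it scans the bytes without honouring the charset.
        if SCRIPT_RE.search(payload.decode("latin-1")):
            found["script_in_raw"] = True
        if (part.get_content_charset() or "").lower() in UTF7_NAMES:
            found["utf7_part"] = True
            text = payload.decode("utf-7", errors="replace")
            if SCRIPT_RE.search(text):
                found["script_after_decode"] = True
    found["matches_entry"] = (found["spoofed_sender"] and found["utf7_part"]
                              and found["script_after_decode"])
    return found

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The sender address alone also matches legitimate mail, so the check requires all three traits together; `script_in_raw` stays false on the sample, which shows why the body has to be decoded as UTF-7 before it is scanned.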