Aliases: I-Worm.SouthPark, W95/SouthPark@MM, Win32.HLLW.SouthPark.19968, W32/SouthPark-A, Win32/SouthPark.A@mm,
Variants: WORM_SOUTHPARK.A, W32/Southpark, Win32:SouthPark, I-Worm/SouthPark, Win32.SouthPark.A@mm,

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 13 Feb 2007
Damage: Low

Characteristics: This worm was made with Visual Basic 5. It could only run on Windows systems with Msvbvm50.dll software. The worm sends SouthPark.exe, an .exe file that is 19 megabytes in size. The email message it sends is in German language.

More details about W32.SouthPark.Worm

This worm was written in Visual Basic 5 language. It could only run on Windows systems with “Msvbvm50.dll”. The worm spreads “SouthPark.exe”, an .exe or executable file that is 19 megabytes in size. The email message is in German language. The worm sets up itself for execution in the registry key as value “Windll=c:winguard.exe.”. The worm routine utilizes Microsoft Outlook and MAPI. The subject of the email message is: “Servus Alter! Hier st das Spiel, das du unbedingt wolltest! ;-)”. The worm duplicates itself to “c:winguard.exe”. It has the following unicode string: “SUSI v1.0 made by LITTLE JIM”.

A computer worm is different from a computer virus, because a computer worm could run itself. A virus needs to have a host program to run, and the virus code opens as part of the host. A worm could multiply w/out a host program, but some new computer worms also utilize files to cover inside. Worms which multiply through vulnerabilities in the services of network could best be secured against by keeping updated in installing patches given by application and operating system vendors. This comprises worms like Blaster and SQL Slammer. Computer worms which multiply like Trojan horses could best be secured against by not opening the attachments in your e-mail message. These contaminated attachments aren’t limited to executable files. Microsoft Excel and Word files could have macros which give infection.