W32.SysId.Worm


Aliases: TROJ_PERSONAL_ID
Variants: PERSONAL_ID

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 11 Aug 2000
Damage: Low

Characteristics: The W32.SysId.Worm application is a worm that was discovered on August 11, 2000. This worm propagates by instantly sending itself through email to all email address in MS Outlook that is registered.

More details about W32.SysId.Worm

In case there are files that has .doc, .jpeg, .jpg, or .xls in you’re my Document folder, then one of these files will be chosen each time at random manner and then sent along with a quantity of two items and also at random manner from the folder of the Outlook Contacts. When this takes place, the subject is the name of one of the chosen items from the Outlook Contact folder and the body of the message contains an empty lines. If not, both the subject and the body are empty. After this script has performed sometime, both the named file at random and the script will be deleted by the worm. The random names are GoodGame, FreedMan, Hurry Up, Take a Rest, Take Easy, etc.

The worm replicates itself to the directory of the Windows System using a randomly chosen name. This worm inserts Winver.vbs in to the targeted directory and tries to execute this file. The script tries to use the Microsoft Outlook 2000 and 97, it doesn’t executes with the Outlook Express, to propagate via email. The worm finds the address of the Outlook lists and then it chooses a name randomly from a piece of names in every list. It will send these randomly named file that was being copied to the directory of the Windows System and serves as an attachment.