W32.Update.Worm


Aliases: I-Worm.Mustard
Variants: W32.Mustard

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 28 May 2001
Damage: Medium

Characteristics: The W32.Update.Worm application is an uncomplicated mass-mailing worm which can multiply using Microsoft Outlook. This worm is encrypted in a language that is high-leveled. However, through email spreading, this worm executes and creates a script (VBS).

More details about W32.Update.Worm

In case the Script.ini file was being used including the well known Windows IRC chat user mIRC, then it will send the AVUpdate.exe file to the other users of the IRC as they are combining to the channel where the infected user is connected in. The worm can also infect only the mIRC if in case the mIRC was already installed to the paths such as the C:\Program Files\Mirc, C:\Mirc, C:\Program Files\Mirc32 and C:\Mirc32. This worm will then tries to disable the Norton AntiVirus, if it is installed on your computer. The Norton Antivirus identifies the Script.ini file as the W32.Update.worm. On the other hand, this incident only happens when your computer is under the Windows 90s and with some editions of the NAV only.

Once the W32.Update.worm was performed, the worm tries to generate an entry in to the registry of the Windows. The entry will appear to be utilize as to ensure as to whether W32.Update.worm has run already on the computer. The worm also generates a replicate of itself as the \Windows\AVUpdate.exe file. It will then tries to launch the newly generated file to the saved contacts on the address book of the Microsoft Outlook. The worm contact the contacts saved by generating the Send.vbs file directly beneath the root of the Drive C and then perform it. The worm also drops file such as Script.ini.