W32.Zhosu@mm


Aliases: W32/Acid-F
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 20 Mar 2007
Damage: Low

Characteristics: The W32.Zhosu@mm program is a worm that spreads and copies itself as an executable file with a file size of 49,152 bytes. Once executed, it attaches and distributes itself to email addresses found on the infected computer’s Windows Address Book.

More details about W32.Zhosu@mm

The W32.Zhosu@mm program is a worm created to affect mainly Windows Operating System. It copies itself as an executable file and creates a text file which is a base64 encoded version of the worm. The W32.Zhosu@m worm is also capable in creating a registry entry that runs every time Windows is started. It then collects email addresses from the infected device’s address book. The program then sends emails containing an executable file with blank message body to gathered addresses using its own SMTP engine.

Once the W32.Zhosu@mm worm has infected a computer, it immediately does propagate itself via sending a copy to email addresses found on Windows address book. It comes as a forwarded message from someone named Feng Suzhong, having a subject of “Love cannot be forgotten,” with an executable file called “LoveMe.exe” attached in the mail, which immediately activates once the email is previewed on the window pane. The W32.Zhosu@mm easily spreads, but removal in the system is rather easy as well.