W32.Zorro@mm


Aliases: Email-Worm.Win32.Scorpion, I-Worm.Scorpion, W32/Scorpio, Win32.HLLW.Scorpo, W32/Scorpio-A
Variants: WORM_SCORPION.A , Worm/Scorpion , Win32:Scorpion , I-Worm/Scorpion , Win32.Orzzo.A@MM

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 30 Aug 2001
Damage: Low

Characteristics: The W32.Zorro@mm program is a mass-mailing worm made to steal confidential information, and deletes all system files from the infected computer. It spreads by sending itself to addresses found in the Windows Address Book.

More details about W32.Zorro@mm

The W32.Zorro@mm is intentionally programmed to steal information from the infected computer. It is written for a Windows operating system, multiplies and spreads its copies in local computer network via security holes on vulnerable machines connected to the network. To do this, it connects to a SMTP server which is obtained from the default settings of the system. The worm sends emails immediately upon the first startup, then in time intervals. The W32.Zorro@mm also consumes large amount of system resources that may cause the slow and unresponsive performance of the device, resulting to an unreliable system, and in worst cases, destroys the system. This is because this worm installs itself into the system as a hidden application. The W32.Zorro@mm worm is written in Delphi language having about 370kb in size.

When the W32.Zorro@mm worm is executed, it copies itself as an executable file. It then attempts to delete Windows files having system and system information file extension. It also creates a registry entry on the infected computer’s registry key to launch the worm every time Windows would start. The W32.Zorro@mm worm collects email address from Windows Address Book. It then sends itself to the collected email addresses having characteristics of an Italian email. Its subject and message body is completely written in Italian language. The email also has an executable file attachment. The W32.Zorro@mm worm is made to attack and affect Windows systems.