W32.Zush@mm


Aliases: W32/Zush, Win32/Zush.A, Email-Worm.Win32.Zush, I-Worm.Zush, W32/HLL.ow.Zush
Variants: W32/Zush-A, Win32/Zush.A@mm, W32/Zush.A, I-Worm/Zush.B, Win32.Zush.A@mm

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 24 Sep 2001
Damage: Low

Characteristics: The W32.Zush@mm program is a worm that spreads itself without any user intervention. It copies itself to a system file and then sends email to all the contacts it finds in the Windows Address Book.

More details about W32.Zush@mm

W32.Zush@mm is a mass-mailing worm that affects most Windows operating systems. Its objective is to spread and infect as many computers as possible. It does this by creating duplicates of itself, collecting email addresses from the infected computer’s address book, and sending itself to the collected addresses. The email distributed by W32.Zush@mm looks like a regular email from a regular person, except for its subject, which is written in Spanish. When an email contains the W32.Zush@mm worm, the worm activates as soon as the mail is previewed. W32.Zush@mm runs in the background of the infected system as a system process, using up system resources. This greatly affects the system’s performance and functionality, which usually results in abnormal system behavior and, in the worst case, a system crash.

When the W32.Zush@mm worm is launched, it locates the infected computer’s system folder and creates a copy of itself as a system executable file, “System32.exe.” It then sends emails to all the contacts it finds in the user’s email list, with the subject “Vazna informacija!”, a random message body, and an executable file attachment. If a computer is infected with the W32.Zush@mm worm, the system may perform poorly and become unresponsive. This can be fixed by removing the worm. To do this, the user should first disable System Restore, to prevent restoration of the W32.Zush@mm worm. Then, using up-to-date security software installed on the computer, run a full system scan and delete all the files detected as W32.Zush@mm.
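
The two email indicators described above (the subject “Vazna informacija!” and an executable attachment) can be checked on stored or quarantined messages. The following is an added example, not part of the original entry or of any vendor's tooling; the extension list, the verdict names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ZUSH_SUBJECT = "vazna informacija!"   # subject reported on this page
# Assumption: the page only says "an executable file attachment"; this
# extension list is illustrative, not taken from the page.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")

def executable_attachments(msg):
    """Return attachment filenames whose final extension is executable."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower().endswith(EXEC_EXTS):
            names.append(name)
    return names

def triage(raw):
    """Classify one raw RFC 5322 message as match / suspicious / clean."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words, so an encoded
    # subject compares equal to the plain one.
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    subject_hit = subject == ZUSH_SUBJECT
    attachments = executable_attachments(msg)
    if subject_hit and attachments:
        verdict = "match"          # both indicators from the page
    elif subject_hit or attachments:
        verdict = "suspicious"     # one indicator only: review manually
    else:
        verdict = "clean"
    return {"verdict": verdict, "subject_hit": subject_hit,
            "attachments": attachments}

def build_sample(subject, filename=None):
    """Constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed body text")
    if filename:
        m.add_attachment(b"constructed bytes, not malware",
                         maintype="application", subtype="octet-stream",
                         filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fn in [("Vazna informacija!", "info.exe"),
                     ("Vazna informacija!", None),
                     ("Quarterly report", "report.pdf")]:
        print(subj, fn, triage(build_sample(subj, fn))["verdict"])
```

A “suspicious” verdict means only one indicator was present; an executable attachment alone is common to many mass-mailers and does not identify this worm.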