Aliases: W32/Aspam, TROJ_ASPAM.A, Aspam.Trojan
Variants: W32.Aspam.Trojan.B

Classification: Malware
Category: Trojan Horse

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 06 Apr 2000
Damage: Medium

Characteristics: Based on the results of previous infections on other computer systems, the W32.ASpam.Trojan program is widely believed to be a type of rogue antispyware tool. This malware poses as a legitimate protection tool from Microsoft in an attempt to mislead unsuspecting users into running its code.

More details about W32.ASpam.Trojan

The W32.ASpam.Trojan program is considered malware with a very low damage rating, primarily because its payload is more of a nuisance than anything else. This rogue malware is normally circulated as a spoofed email message that claims to come from Microsoft Corporation. The sender's email address uses the microsoft.com domain and the subject line reads "Microsoft Anti-Spam Policy". The body of the message discusses how Microsoft Corporation does not condone the sending of spam email. The letter is signed by a certain Adam Rose, who is presented as Director of Microsoft's Anti-Spam campaign. The W32.ASpam.Trojan program is closely associated with the Amcis32.dll file, which is installed into the System folder of the Windows directory on the compromised machine.
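A mail-triage check for the lure described above, as an added example that is not part of the original entry: it parses raw messages and reports which of the three stated indicators (subject, sender domain, signer) are present. The sample messages and their local parts are constructed, and requiring the subject plus one more indicator is an assumption made here so that ordinary microsoft.com mail is not flagged.

```python
import email
from email import policy
from email.utils import parseaddr

SUBJECT = "microsoft anti-spam policy"  # subject line given in the entry
SENDER_DOMAIN = "microsoft.com"         # domain used by the spoofed sender
SIGNER = "adam rose"                    # name the letter is signed with

def _norm(text):
    """Lower-case and collapse whitespace so folded or padded text still matches."""
    return " ".join((text or "").lower().split())

def aspam_indicators(raw_bytes):
    """Return the set of entry indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = set()
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject matches too.
    if SUBJECT in _norm(str(msg.get("Subject", ""))):
        hits.add("subject")
    address = parseaddr(str(msg.get("From", "")))[1]
    if address.rpartition("@")[2].lower() == SENDER_DOMAIN:
        hits.add("sender_domain")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and SIGNER in _norm(body.get_content()):
        hits.add("signer")
    return hits

def is_suspect(raw_bytes):
    """Assumed policy: the subject must match, backed by at least one other indicator."""
    hits = aspam_indicators(raw_bytes)
    return "subject" in hits and len(hits) >= 2

# Constructed sample: the lure as the entry describes it, with a Q-encoded subject.
SPOOFED = (b"From: Microsoft Corporation <antispam@microsoft.com>\r\n"
           b"Subject: =?utf-8?Q?Microsoft_Anti-Spam_Policy?=\r\n\r\n"
           b"Microsoft does not condone the sending of spam.\r\n\r\n"
           b"Adam   Rose\r\nDirector, Anti-Spam\r\n")
# Constructed sample: unrelated mail that shares only the sender domain.
BENIGN = (b"From: news@microsoft.com\r\n"
          b"Subject: Your monthly product update\r\n\r\n"
          b"Here is what changed this month.\r\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("benign", BENIGN)):
        print(name, sorted(aspam_indicators(raw)), is_suspect(raw))
```

Because the From domain is spoofed, the sender-domain match only corroborates the subject and signer; it says nothing about where the message actually originated.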

Reports further state that a corresponding key is created in the Windows Registry, which allows this malware to load at every restart or boot of the host computer. Some reports point out that the DLL file dropped by the W32.ASpam.Trojan malware may function as a hook routine that can control some of the behavior of the Internet Explorer Web browser. This hook function may redirect the Web browser to predetermined websites and cause the downloading of more serious threats to the compromised machine. Since the Amcis32.dll file is the only trace reported to be dropped by the malware, manual removal of the W32.ASpam.Trojan threat consists of deleting this file.