Aliases: Email-Worm.Win32.Agent.gew, W32/Autorun-RI, Email-Worm.Win32.Agent, W32/[email protected], WORM_MYDOOM.CG
Variants: Worm:Win32/[email protected], Win32/Ceein.worm.449024, P2PShared.U, Backdoor:W32/SdBot.CNJ, Win32/Mytob.OO
Classification: Malware
Category: Computer Worm
Status: Inactive
Spreading: Moderate
Geographical info: Europe, North and South America, Asia
Removal: Easy
Platform: W32
Discovered: 03 Dec 2008
Damage: Medium
Characteristics: The [email protected] mass-mailing worm attempts to retrieve email addresses stored on the compromised computer. Its presence also indicates an open backdoor that malicious developers can use to expose sensitive information stored on the machine. It propagates by infecting removable devices.
The [email protected] program is a mass-mailing worm that gathers email addresses from the compromised computer and spreads by copying itself to removable media. It also opens a back door on the compromised computer. It is also known as W32/[email protected] or WORM_MYDOOM.CG.

For its mass-mailing routine, the [email protected] malware uses the entries found in the Windows Address Book to send copies of itself. The email message normally contains a compressed attachment that may use the filename postcard.zip, coupon.zip, or promotion.zip, among others. Once established on the system, the [email protected] malware runs a keystroke-logging routine and opens an unsecured backdoor. This allows the malicious author to retrieve passwords and other sensitive files, which can lead to identity theft and similar unauthorized online activities.
In an attempt to prevent detection, the [email protected] program sends email messages that may use random subject lines, with body text written to convince the user to execute the attached file. The vxworks.exe file serves as the main executable of the malware and is stored in the System folder of the Windows directory. Upon execution, the [email protected] program also creates an autorun.inf file so that it runs itself when the infected drive is mounted.
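A triage check for the removable-drive behaviour described above, as an added example that is not part of the original entry: it parses an autorun.inf and reports whether it launches a program. The entry does not show the file's contents, so the sample files are constructed, and treating vxworks.exe as the launched name is an assumption drawn from the executable name given above.

```python
import re
from pathlib import PureWindowsPath

# Executable name taken from the write-up above; everything else is constructed.
KNOWN_EXECUTABLE = "vxworks.exe"
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def autorun_launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEYS.match(key.strip()):
                entries.append((key.strip().lower(), value.strip()))
    return entries


def triage_autorun(text):
    """Classify an autorun.inf: 'known-name', 'launches-executable' or 'no-launch'."""
    verdict = "no-launch"
    for _key, command in autorun_launch_entries(text):
        # The first token of the command is the program; quotes are optional.
        m = re.match(r'"([^"]+)"|(\S+)', command)
        program = PureWindowsPath((m.group(1) or m.group(2)) if m else "")
        if program.name.lower() == KNOWN_EXECUTABLE:
            return "known-name"
        if program.suffix.lower() in EXEC_EXT:
            verdict = "launches-executable"
    return verdict


# Constructed samples, not captured from a real infection.
SAMPLE_SUSPECT = "[AutoRun]\r\n;junk\r\nOPEN = vxworks.exe\r\nshell\\open\\command=vxworks.exe\r\n"
SAMPLE_OTHER = '[autorun]\nicon=setup.ico\nshellexecute="tools\\run me.exe" /s\n'
SAMPLE_BENIGN = "[autorun]\nlabel=Backup\nicon=drive.ico\n"

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPECT, SAMPLE_OTHER, SAMPLE_BENIGN):
        print(triage_autorun(sample))
```

A "launches-executable" verdict is only a prompt to inspect the referenced file, since legitimate installers on removable media use the same keys.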