[email protected]

Aliases: W32/Animan-A, Win32/[email protected], WORM_ANIMAN.A, Win32:Animan, [email protected]
Variants: Email-Worm.Win32.Animan, I-Worm.Animan, Win32.HLLM.Manimize.30720, BDS/Drat-130, Trojan.Lithium.Capture

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 30 Oct 2002
Damage: High

Characteristics: This mass-mailing worm carries its own Simple Mail Transfer Protocol (SMTP) engine and harvests the contents of the Windows Address Book to spread its payload.

More details about [email protected]

The worm abuses Multipurpose Internet Mail Extensions (MIME) handling so that it can execute when an email message is previewed or read. The subject line of each message it sends may contain text such as "Alert!", "Happy!", "Thank You !", "Important !", "Welcom!", or "You only see", among others; the worm chooses randomly among these subject lines. Every email message it sends includes the AntiMani.exe file attachment, which the author hopes an unwary recipient will execute. When the worm runs on the infected computer, it displays a message box containing the text "Your computer is not infected by New Viruse". The message box title is usually "Manimize".
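The subject text and attachment name described above can be checked at a mail gateway or during triage of a mailbox export. The following is an added example, not code from the original page; the function names, the block/review/pass verdicts, and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the description above (subject text and attachment name).
SUBJECT_TEXT = ("alert!", "happy!", "thank you !", "important !", "welcom!", "you only see")
ATTACHMENT_NAME = "antimani.exe"

def _norm(text):
    """Lower-case and collapse whitespace so header folding does not hide a match."""
    return " ".join(text.split()).lower()

def indicators(raw_bytes):
    """Return the set of indicators ('subject', 'attachment') found in one message."""
    # policy.default decodes RFC 2047 encoded subjects and RFC 2231 filenames.
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    found = set()
    subject = _norm(str(msg.get("Subject", "")))
    if any(text in subject for text in SUBJECT_TEXT):
        found.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            base = name.replace("\\", "/").rsplit("/", 1)[-1]
            if _norm(base) == ATTACHMENT_NAME:
                found.add("attachment")
    return found

def verdict(raw_bytes):
    """Attachment name is the strong signal; the subject text alone is too generic."""
    found = indicators(raw_bytes)
    if "attachment" in found:
        return "block"
    return "review" if found else "pass"

def sample(subject, filename=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, att in [("Welcom!", "AntiMani.exe"), ("Security alert! read now", None),
                      ("Quarterly report", "report.pdf")]:
        print(subj, att, verdict(sample(subj, att)))
```

A subject-only match is routed to review rather than blocked because strings such as "Alert!" also occur in legitimate mail.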

The worm normally stores the AntiMani.exe file in the System folder of the Windows directory with the archive, hidden, and system attributes set. The Msacm16.dll, D3dim16.dll, and D3drm16.dll files are also created in the same folder. A corresponding entry for AntiMani.exe is also created under a Registry key. The body of the email offers the user a supposedly new antivirus application that is capable of removing a new worm variant. Once running, the worm can download more malware onto the already infected computer. Computer security experts also consider the worm a type of tool for rogue antispyware programs.