Category: Computer Worm
Europe, North and South America, Asia
02 Aug 2002
The [email protected]
program falls under the category of mass mailing Worms which scans the contents of the user's mailbox using Microsoft Outlook. This malware will reply to all unread messages contained in the mailbox only if it is Monday or Thursday and the time is 6:00 to 12:00 am or pm.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
This mass mailing Worm normally arrives at a targeted computer system as a type of reply to a message from an infected computer system's user. The user's name is included in the message body to give it an air of legitimacy. As with majority of mass mailing malware, the [email protected]
program also carries a file attachment which usually makes use of the bill.exe, card.exe, click.exe, demo.exe, data.exe, docs.exe, Flash.exe, Game.exe, Fun.exe, humor.exe, images.exe, mp3.exe, news_doc.exe, 10 different Korean names.exe, and opinion.exe filenames. When the file attachment is launched, a message box supposedly from VeriSign will be displayed to the computer user. When the message box is closed, another will be launched by the [email protected]
program informing the user of a damaged ActiveX Control component. This display hides the background process of the malware of creating an instance of itself in the Windows directory using the win.ini and svchost.exe filenames.
Moreover, when the infected computer system is restarted, the [email protected]
program will automatically launch and scan the system date. If the day falls on either a Monday or a Thursday, the system time will be checked. When the time is between 12:00 to 5:00 am or pm, the malware will display a message box but will not spread its codes. It will however launch its propagation routine at any other time of the said days. The propagation routine will scan for all unread messages but will not harvest email address from the Windows Address Book.