Win32/Blackmal.B.Worm, Win32.Blackmal.B, W32/[email protected]
Category: Computer Worm
Active & Spreading
Asia, North and South America, Australia
01 Apr 2004
Like most mass-mailing worms, this malware usually arrives on a vulnerable computer system as an attachment to a malicious email message. The worm uses the email addresses stored on the compromised machine to deliver its payload and spread its code.
This malware is commonly circulated in email messages that spoof alerts from legitimate antivirus developers. The worm goes as far as including a logo image of the antivirus product or company that it is imitating. The body of the message normally notifies the user of potential risks to documents produced with Microsoft Word, or of infections from attached image files, among others. The filename used by this malware may be random but normally has the EXE, SCR, COM, or ZIP file extension. A variation of the worm's email message is of a more adult nature, with attachments that are supposedly image files. When the worm successfully infects a targeted computer system, it normally proceeds by scanning the machine for the presence of any antivirus or similar protection programs. The worm then goes into the application's folder in the Program Files directory and attempts to delete all of its contents, especially EXE files.
According to several reports, the Windows Registry is also stripped of any information relating to security programs or processes. The worm also targets the security protocols built into the host operating system of the infected machine. When its execution has been successful, the worm attempts to open Windows Media Player to play a bogus file. It then displays a message box advising the computer user to try playing the file from within Internet Explorer. This action may allow the worm to introduce more malicious code into the already infected computer system.
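The attachment pattern described above (EXE, SCR, COM or ZIP files, sometimes posing as images) can be screened at a mail gateway. The following is an added example, not code from the original page: it flags attachments by their final extension and looks inside ZIP archives for executable member names. The function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the page lists for the attachment (ZIP is handled by looking inside).
EXECUTABLE_EXTS = {".exe", ".scr", ".com"}

def _ext(name):
    """Return the final extension, lower-cased, ignoring trailing dots and spaces."""
    name = name.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def risky_attachments(raw_message):
    """Return (filename, reason) pairs for attachments a gateway should quarantine."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        if ext in EXECUTABLE_EXTS:
            # Catches "image" names such as photo.jpg.scr: only the last extension counts.
            findings.append((name, "executable extension " + ext))
        elif ext == ".zip":
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                    for member in archive.namelist():
                        if _ext(member) in EXECUTABLE_EXTS:
                            findings.append((name, "archive contains " + member))
            except zipfile.BadZipFile:
                findings.append((name, "unreadable archive"))
    return findings

def build_sample():
    """Constructed sample: a fake 'image', a ZIP with an executable name, a benign file."""
    msg = EmailMessage()
    msg["Subject"] = "Virus alert (constructed sample)"
    msg["From"] = "alerts@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="photo.jpg.scr")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("document.com", b"placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="report.zip")
    msg.add_attachment("notes", filename="readme.txt")
    return msg.as_bytes()
```

The check is name-based only, so it complements content scanning rather than replacing it.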