[email protected]

Aliases: Win32.Nochod.B [Computer Assoc, Backdoor.Win32.Landis.1121 [Ka, W32/Generic.m [McAfee], W32/Chode-B [Sophos], WORM_CHOD.B [Trend Micro]
Variants: [email protected] .There

Classification: Malware
Category: Computer Worm

Status: active
Spreading: Low
Geographical info: Low
Removal: Moderate
Platform: W32
Discovered: 02 Apr 2005
Damage: medium

Characteristics: The [email protected] program proliferates through MSN Messenger. It overwrites hosts consequently blocking access to several websites.

More details about [email protected]

One of the main characteristics of the [email protected] program is its backdoor capabilities that it manages through IRC channels. This virus automatically overwrites hosts consequently blocking access to several websites. It is said to enter and penetrate the system through email messages. This malware is capable of executing remote access attacks on vulnerable computer systems. This is presumably done by opening an unauthorized access port in the infected machine. This program is reported to exploit security vulnerabilities in some programs and Operating Systems especially Web browsers. It may utilize the compromised computer system for the distribution of more security threats. In general, the installation of this malware into the system is done in the background and without the user’s consent or knowledge.

Many computer security providers believe that the payload of this malware is explicit to the Microsoft Windows Operating System platform. When introduced into the vulnerable computer system, the security threat modifies the Windows Registry to gain access to communication protocols and establish its presence on every system startup.