[email protected]

Aliases: Fractalove.A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 11 Jul 2008
Damage: Low

Characteristics: Discovered on July 11, 2008, this threat is a mass-mailing worm. This means that the worm sends itself to the email addresses listed in the contact list or address book, and it tries to steal sensitive and important information. This worm mainly affects Windows systems.

More details about the worm

This mass-mailing worm collects email addresses to use as targets. After gathering them, the worm has the ability to steal confidential information such as passwords, identification and bank details. The worm arrives as an email attachment. The attached file is TO_MY_LOVE.SCR. Because of the tempting filename, a user may download and open this attachment, which is actually malicious. While the screensaver file is running and showing various fractals, the worm drops a copy of itself as %Windir%\IEXPLORE.EXE. Then the worm creates a specified system registry entry and logs keystrokes once the user opens any of the following programs: instant messaging clients, Voice over IP applications, Internet browsers, email programs, Microsoft Word, Excel and Notepad, and Internet payment applications. Afterwards, the worm connects to a server to which it can send the stolen information. The worm does not stop here; it also spreads to other email addresses.
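A triage check built from the two file indicators named above, the TO_MY_LOVE.SCR attachment and the copy dropped as %Windir%\IEXPLORE.EXE. This is an added example, not part of the original entry; the event format, host names, sample events and the assumed %Windir% values (C:\Windows, C:\WINNT) are constructed for illustration, and the check goes slightly beyond the entry by also flagging any other .scr attachment.

```python
import ntpath

# Indicators taken from the description above.
DROPPED_NAME = "iexplore.exe"
ATTACHMENT_NAME = "to_my_love.scr"
# Assumption: %Windir% resolves to one of these on the monitored hosts.
WINDIR_ROOTS = {r"c:\windows", r"c:\winnt"}

def normalize(path):
    """Lower-case, unify separators and collapse '..' so comparisons are reliable."""
    cleaned = path.strip().strip('"').replace("/", "\\")
    return ntpath.normpath(cleaned).lower()

def classify(event):
    """Return the findings for one event dict with 'kind' and 'path' keys."""
    findings = []
    folder, name = ntpath.split(normalize(event["path"]))
    if event["kind"] in ("process", "file_create"):
        # Internet Explorer normally installs under Program Files\Internet Explorer,
        # so IEXPLORE.EXE sitting directly in %Windir% matches the dropped copy.
        if name == DROPPED_NAME and folder in WINDIR_ROOTS:
            findings.append("iexplore.exe in %Windir% root")
    elif event["kind"] == "attachment":
        if name == ATTACHMENT_NAME:
            findings.append("known attachment name")
        elif name.endswith(".scr"):
            # Screensaver files are executables; flag them for review.
            findings.append("screensaver executable attachment")
    return findings

SAMPLE_EVENTS = [  # constructed sample data, not real telemetry
    {"host": "ws-01", "kind": "process",
     "path": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"host": "ws-02", "kind": "file_create", "path": r"C:\WINDOWS\IEXPLORE.EXE"},
    {"host": "ws-02", "kind": "attachment", "path": "TO_MY_LOVE.SCR"},
    {"host": "ws-03", "kind": "attachment", "path": "holiday.jpg.scr"},
    {"host": "ws-03", "kind": "process",
     "path": "C:/Windows/System32/../IEXPLORE.EXE"},
]

def triage(events):
    """Return (host, finding) pairs for every event that matches an indicator."""
    return [(e["host"], f) for e in events for f in classify(e)]

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS):
        print(host, finding)
```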

The application opens unused ports to create a backdoor on the computer. The ports opened by the worm enable a remote user to gain unauthorized access to the computer’s resources. Remote users use the connection established by the application to send instructions to the computer. The remote commands may include downloading additional files from the Internet, deleting files, modifying the system configuration and terminating running system processes. These remote activities can be carried out without the user’s knowledge and consent.