Aliases: Fractalove.A
Variants: N/A
Classification: Malware
Category: Computer Worm
Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 11 Jul 2008
Damage: Low
Characteristics: Discovered on July 11, 2008,
[email protected] is a mass-mailing worm. This means that the worm infects email addresses listed on the contact or address book to steal sensitive and important information. This worm mainly affects Windows systems.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean
[email protected] from your computer.
This mass-mailing worm collects all email addresses to infect. After gathering, the worm has the ability to steal confidential information such as passwords, identification and bank details.
[email protected] arrives as an email attachment. The file on the attachment is TO_MY_LOVE.SCR. With its tempting filename, any user may open and download this attachment which is actually a malicious threat. This worm drops a copy of itself as %Windir%\IEXPLORE.EXE when the actively running screensaver file shows various fractals. Then, the worm creates a specified system registry entry and logs keystrokes once the user open the following programs: Instant messaging clients, Voice over IP applications, Internet browsers, Email programs, Microsoft Word, Excel and Notepad and Internet payment applications. Afterwards, the worm connects to a server wherein it can send the stolen information. The worm does not stop here; it also spreads to other email addresses.
The application opens unused ports to generate a backdoor on the computer. The port openings created by the
[email protected] program enable a remote user to gain unauthorized access to the computer’s resources. The connection established by the application is utilized by remote users to send instructions to the computer. The remote commands may include download of additional files from the Internet, deletion of files, modification of system configuration and termination of running system processes. These remote activities can be done without the user’s knowledge and consent.