[email protected]

Aliases: Bloodhound.W32.VBWORM, W32/[email protected]
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 11 Nov 2002
Damage: Low

Characteristics: [email protected] is a mass-mailing worm: it sends itself to all contacts in the Microsoft Outlook Address Book. It also replicates itself to mapped network drives. Discovered on November 11, 2002, the worm was written in Microsoft Visual Basic.

More details about [email protected]

Also known as Bloodhound.W32.VBWORM and W32/[email protected], [email protected] begins its infection by copying itself as %system%\FreeGift.scr. The worm adds the value FREEGIFT %SYSTEM%\FreeGift.scr to the system registry key. It also adds another value so that it can send itself as an email message using Microsoft Outlook. Possible subjects used by this worm are commonly used phrases such as “Hello!”, “Congratulations”, “Free Gift”, “Collect Your Prize”, “Free Downloads”, and many other tempting subjects. The worm arrives as an attachment to the email. Once the attachment is downloaded, the worm creates a copy of itself on mapped network drives. The worm not only infects the host computer but also sends itself to the other contacts listed in the Microsoft Outlook Address Book.
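A triage check built from the indicators described above, as an added example that is not part of the original entry: it scans the text of a registry export for a string value named FREEGIFT or one whose data references FreeGift.scr. The sample export and its key names are constructed placeholders, since the entry does not name the registry key.

```python
import re

# Indicators taken from the description above.
VALUE_NAME = "freegift"
DROPPED_FILE = "freegift.scr"

_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_STR_VALUE = re.compile(
    r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg exports escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def find_freegift_values(reg_text):
    """Return (key, value_name, data, reasons) for each matching string value.

    reg_text is the already-decoded text of a .reg export.
    """
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = _KEY.match(line)
        if m:
            key = m.group("key")
            continue
        m = _STR_VALUE.match(line)
        if not m or key is None:
            continue  # header, blank line, or non-string value type
        name, data = _unescape(m.group("name")), _unescape(m.group("data"))
        reasons = []
        if name.lower() == VALUE_NAME:
            reasons.append("value-name")
        # Substring match so the directory (%SYSTEM% or expanded) is ignored.
        if DROPPED_FILE in data.lower():
            reasons.append("data-path")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits

# Constructed sample export; the key names are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Placeholder\KeyA]
"FREEGIFT"="C:\\WINDOWS\\system32\\FreeGift.scr"
"Updater"="C:\\Program Files\\Vendor\\update.exe"

[HKEY_CURRENT_USER\Software\Placeholder\KeyB]
"Screensaver"="C:\\Users\\a\\Desktop\\freegift.SCR"
'''
```

A hit on the data path alone is still worth reviewing, because the value name may differ from the one recorded here.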

The [email protected] program allegedly has properties that give malicious hackers remote access. Remote access refers to a hacker’s ability to control, influence and utilize the victim’s computer system. Once a computer system has been compromised by threats that allow remote access, such as viruses or trojans, the attackers are able to send commands to the infected machine. These commands could include various instructions for performing a series of operations. The [email protected] program also reportedly downloads files that users have not solicited. Applications dedicated to performing this function are referred to as downloaders. They do not typically inform users that malicious code is being downloaded onto their computer systems.