Friendgreetings, WORM_FRIENDGRT.A, WORM_FRIENDGRT.B, Friend Greeting application
Category: Computer Worm
Active & Spreading
Some parts of Asia, Europe, North and South America, Africa and Australia
25 Oct 2002
Last October 25, 2002, W32.Friendgreet.worm was found that appeared to have the characteristics of a worm. This worm-like threat was sent to thousands of email addresses that disguised as an electronic greeting card or commonly known as e-card. There was a website of this malicious worm but in January 2004, the site became unavailable.
W32.Friendgreet.worm Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Friendgreet.worm from your computer.
More details about W32.Friendgreet.worm
There is a permission required by this worm-like e-card to be able to install and propagate. So if the user does not allow the installation of the software, there will be no mass-mailing functions to be executed. The e-card arrives with the subject %recipient% you have an E-Card from %sender%. Once you click the link, there is a software required to be downloaded before you can view the e-card. Two End User License Agreements or EULA are also commanded to be able to complete the installation. This EULA is requesting you to give the permission to send an email to all contacts listed in the Microsoft Outlook Address Book. So when you agree, you are permitting the e-card that contains worm-like activities to be sent to all email addresses in the Address Book. However, if you disagree, the software will not be installed as well as the e-card will not be sent.
Once you accept the agreement, the software is installed. It will create system registry entries and add values. The software also creates several files including NewBinary4.exe. This file contains the mass-mailing routine of the worm which means, the malicious-contain e-card would be sent to all email addresses in the Microsoft Outlook Address Book. The W32.Friendgreet.worm program is classified as dangerous because of their capability for opening holes or backdoors in targeted computers. Holes are opened for the purpose of allowing remote hackers to control the infected machine. Through the W32.Friendgreet.worm program, intruders can launch programs, transmit and receive data thru the Internet, vie classified information and reboot the system. Hackers can likewise use it to display notifications, execute malicious codes and delete data and other pertinent files.