Aliases: Friendgreetings, WORM_FRIENDGRT.A, WORM_FRIENDGRT.B, Friend Greeting application
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 25 Oct 2002
Damage: Low

Characteristics: On October 25, 2002, W32.Friendgreet.worm was found, a threat that appeared to have the characteristics of a worm. It was sent to thousands of email addresses disguised as an electronic greeting card, commonly known as an e-card. The threat had an associated website, but in January 2004 the site became unavailable.

More details about W32.Friendgreet.worm

This worm-like e-card requires the user's permission to install and propagate. If the user does not allow the software to be installed, no mass-mailing functions are executed. The e-card arrives with the subject "%recipient% you have an E-Card from %sender%". Once you click the link, you are required to download software before you can view the e-card. Two End User License Agreements (EULAs) must also be accepted to complete the installation. This EULA requests permission to send an email to all contacts listed in the Microsoft Outlook Address Book. By agreeing, you permit the e-card, with its worm-like behavior, to be sent to every email address in the Address Book. If you disagree, the software is not installed and the e-card is not sent.
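A mail-gateway style check for the subject template quoted above, written as an added example and not taken from the original entry. It decodes RFC 2047 encoded-words and unfolds the header before matching, since a plain string compare misses both forms; the sample messages, names and addresses are constructed, and a subject match alone is a heuristic that can also hit legitimate greeting-card mail.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject template quoted on the page; the two placeholders vary per message.
LURE_RE = re.compile(
    r"^(?P<recipient>.+?)\s+you have an e-card from\s+(?P<sender>.+)$",
    re.IGNORECASE,
)

def decoded_subject(raw_message):
    """Return the Subject with RFC 2047 encoded-words decoded and folding removed."""
    subject = message_from_string(raw_message).get("Subject", "")
    text = str(make_header(decode_header(subject)))
    return " ".join(text.split())  # collapse folding whitespace and trim

def match_lure(raw_message):
    """Return (recipient, sender) if the subject fits the template, else None."""
    m = LURE_RE.match(decoded_subject(raw_message))
    return (m.group("recipient"), m.group("sender")) if m else None

# Constructed sample messages (not captured traffic).
SAMPLES = {
    "plain": "From: bob@example.com\nSubject: Alice you have an E-Card from Bob\n\nbody\n",
    "encoded": "From: bob@example.com\nSubject: =?utf-8?q?Alice_you_have_an_E-Card_from_Bob?=\n\nbody\n",
    "folded": "From: bob@example.com\nSubject: Alice you have an\n E-Card from Bob\n\nbody\n",
    "benign": "From: shop@example.com\nSubject: Your e-card order has shipped\n\nbody\n",
}

def scan(samples):
    """Map each sample name to its match result."""
    return {name: match_lure(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, hit in scan(SAMPLES).items():
        print(f"{name:8} {'MATCH ' + repr(hit) if hit else 'no match'}")
```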

Once you accept the agreement, the software is installed. It creates system registry entries and adds values. The software also creates several files, including NewBinary4.exe. This file contains the worm's mass-mailing routine, which sends the malicious e-card to all email addresses in the Microsoft Outlook Address Book. The W32.Friendgreet.worm program is classified as dangerous because of its capability for opening holes or backdoors in targeted computers. These holes are opened to allow remote hackers to control the infected machine. Through the W32.Friendgreet.worm program, intruders can launch programs, transmit and receive data through the Internet, view classified information and reboot the system. Hackers can likewise use it to display notifications, execute malicious code and delete data and other pertinent files.