[email protected]

Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 10 Nov 2001
Damage: Low

Characteristics: [email protected] is a worm that infects computers through the use of an email message. It is considered as a mass-mailing worm that automatically sends itself to all of the compromised computer’s Microsoft Outlook contacts. The email that this worm automatically mails contains this on its subject, “Though you might find this funny!” It also contains an attachment “Funny.scr.” This will not execute properly if a printer is not connected to the computer.

More details about [email protected]

It affects all Windows system namely Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. Internally, it is also known that it creates a vbs script file in the windows start menu programs. It is said that it infects the computer by creating files such as “C:\Protect.sys,”C:\Help.bat,”C:\Hide.bat,”C:\Login.scr” and “C:\Funny.scr.” It overwrites the C:\Autoexec.bat file with code that causes the dialer to dial 911 when you start the computer. It is also described as a multi-component email worm. This means that this worm spreads through packed executable file or what we normally know as word document. Upon opening or executing this file, the worm automatically installs itself on the compromised computer. Registry files or keys are also altered.

Aside from registry keys, Internet Explorer settings are also altered by changing the homepage to a Web page that is devoted to Timothy McVeigh. Then, it shows a message and Timothy McVeigh's picture. The [email protected] program may enter the system via e-mail messages. These may be generated by the worm application itself to spread infected files. The files are attachments that may be labeled as harmless e-cards. The worm application can also spread from computer to computer by using network shares. It may use system vulnerabilities to enter them. Common passwords and user names may also be guessed with a brute-force attack.