W32/Higuy-A, WORM_HIGUY.A, win32.frantes.a, worm_porkis.a, troj/dloader-ym, w32/porkis-a
Category: Computer Worm
North America, South America, Europe, Asia, Africa, Australia
14 Jun 2002
W32/Higuy-A, like typical mass-mailing worms, is capable of harvesting information stored in the Windows Address Book. It uses the Simple Mail Transfer Protocol to send its code to all the email addresses it has collected from the compromised machine. Consistent with the characteristics of this type of threat, it also includes an executable file attachment, which the recipient must execute to begin the worm's infection routine.
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
After successfully entering a vulnerable computer system, W32/Higuy-A will attempt to extract a copy of itself using an EXE file extension. The infected machine will also display a message box with the word Error as its title. This message box informs the unsuspecting user that there is a problem with a specific Dynamic Link Library file on the computer system. The message is bogus and is generated mainly to hide the worm's background operations: modifying Windows Registry keys and harvesting email addresses from the Windows Address Book. The worm then uses its built-in Simple Mail Transfer Protocol engine to send the spiked email messages to all contacts it has retrieved.
The subject line of the email message sent by W32/Higuy-A normally contains the word Incredible, Incredibile, Qualsiasi, or Urgente. The message body is designed to convince the recipient to launch the accompanying executable file attachment, which infects the computer system. The worm may take over the user's account to give the sent email message an air of authenticity. W32/Higuy-A has also been closely linked to the use of TCP port 5001 during the execution of an unsecured backdoor on the compromised machine. The backdoor feature is an alternative to the fake message display.
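A mail-filter check built from the traits described above, as an added example that is not part of the original write-up: it flags a message only when one of the listed subject words appears together with an executable attachment. The `.exe` attachment extension, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject words listed in the description above.
SUBJECT_WORDS = ("incredible", "incredibile", "qualsiasi", "urgente")
# Assumption: the executable attachment carries an .exe extension.
EXECUTABLE_EXTENSIONS = (".exe",)


def score_message(raw_bytes):
    """Return (subject_hit, exe_attachment_names) for one raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = str(msg.get("Subject", "")).lower()
    subject_hit = any(word in subject for word in SUBJECT_WORDS)
    exe_names = []
    for part in msg.walk():
        name = part.get_filename()
        # Windows ignores trailing dots and spaces, so strip them first.
        if name and name.lower().rstrip(" .").endswith(EXECUTABLE_EXTENSIONS):
            exe_names.append(name)
    return subject_hit, exe_names


def is_suspicious(raw_bytes):
    """Require both traits so ordinary 'Urgente' mail is not flagged."""
    subject_hit, exe_names = score_message(raw_bytes)
    return subject_hit and bool(exe_names)


def build_sample(subject, filename=None):
    """Constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = subject
    m.set_content("See attachment.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Incredibile", "foto.exe"), ("Urgente", None),
                        ("Quarterly report", "setup.exe")]:
        print(subj, fname, is_suspicious(build_sample(subj, fname)))
```

Requiring both traits keeps the false-positive rate down: the subject words are common in ordinary mail, and executable attachments alone are better handled by a general attachment policy.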