Category: Computer Worm
Active & Spreading
Asia, Europe, Australia, North and South America
23 Mar 2007
According to the majority of antivirus developers, this worm variant is designed to deliver Web browser hijacking functionality as its main payload. The worm redirects the Web browser to a website possibly controlled by its malicious author. The worm may enter a vulnerable computer system via a spiked email message. The message it sends uses a randomly chosen subject line with an equally randomly generated filename.
This particular malware variant was designed by its malicious author to target computer systems that operate with a specific language set. On its initial execution, the worm would normally verify whether the compromised computer system is using either the Persian or Arabic language. If the malware finds that it is neither, it will immediately terminate all of its routines. However, if the language set of the computer system meets the worm's condition, it will proceed to generate two TMP format files in a temporary folder of the main hard drive. The two temporary files dropped by the malware contain the instruction sets it requires to attain mass mailing functionality and spread its code.
After it has installed the necessary file components on the infected computer system, the worm will scan the address book of the default email client as well as the contents of the address book of a popular Web mail host. The email addresses retrieved from the two sources will be used as the next targets for its propagation routine. The worm will send all the gathered email addresses a message that contains a copy of its code. The subject and message body are chosen from a predefined list, while the filename of the attachment is randomly generated.
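The propagation pattern described above (many recipients, subjects drawn from a small fixed list, a different attachment name on every message) can be turned into a mail-gateway detection heuristic. The following is an added example, not part of the original write-up; the record layout, host addresses, sample data and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: (sending host, recipient, subject, attachment name).
# These are illustrative values, not telemetry from the worm described on this page.
SAMPLE_LOG = [
    ("10.0.0.23", "a@example.org", "Hello", "qzkfw.exe"),
    ("10.0.0.23", "b@example.org", "Your document", "ptrmx.exe"),
    ("10.0.0.23", "c@example.org", "Hello", "wvbnd.exe"),
    ("10.0.0.23", "d@example.org", "Your document", "hjqls.exe"),
    ("10.0.0.23", "e@example.org", "Hello", "xcrty.exe"),
    ("10.0.0.23", "f@example.org", "Hello", "mnbgz.exe"),
    # Legitimate bulk mail: one subject, but the same attachment every time.
    *[("10.0.0.40", f"user{i}@example.org", "March newsletter", "newsletter.pdf")
      for i in range(6)],
    # Ordinary user: too few messages to evaluate.
    ("10.0.0.51", "x@example.org", "Invoice", "invoice-0312.pdf"),
    ("10.0.0.51", "y@example.org", "Minutes", "minutes.docx"),
]

def flag_mass_mailers(records, min_msgs=5, max_subject_ratio=0.5,
                      min_attach_ratio=0.9):
    """Return hosts whose outbound mail matches the mass-mailer pattern:
    many distinct recipients, few distinct subjects (predefined list),
    and an almost always unique attachment name (randomly generated)."""
    by_sender = defaultdict(list)
    for sender, rcpt, subject, attachment in records:
        if attachment:  # only messages carrying an attachment are relevant
            by_sender[sender].append((rcpt, subject, attachment.lower()))

    flagged = {}
    for sender, msgs in by_sender.items():
        total = len(msgs)
        if total < min_msgs:
            continue
        recipients = {m[0] for m in msgs}
        subject_ratio = len({m[1] for m in msgs}) / total
        attach_ratio = len({m[2] for m in msgs}) / total
        if (len(recipients) >= min_msgs
                and subject_ratio <= max_subject_ratio
                and attach_ratio >= min_attach_ratio):
            flagged[sender] = {"messages": total,
                               "recipients": len(recipients),
                               "subject_ratio": round(subject_ratio, 2),
                               "attachment_ratio": round(attach_ratio, 2)}
    return flagged

if __name__ == "__main__":
    for host, stats in flag_mass_mailers(SAMPLE_LOG).items():
        print(host, stats)
```

The thresholds need tuning against a site's normal mail volume, and the time window over which records are grouped is left to the caller.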