[email protected]

Aliases: Bloodhound.W32.VBWORM, Email-Worm.Win32.Hunch.C, W32/Hunch-C, I-Worm/Hunch.C, WORM_HUNCH.C
Variants: Worm:Win32/[email protected], W32/[email protected], Hunch.C Internet Worm

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 10 Apr 2002
Damage: High

Characteristics: Considered by many computer experts to be one of the more destructive Worms in the computer industry, it is known for deleting various file formats such as DLL, OCX, and SYS, among others. These files are normally stored in a single folder on the main hard drive. The [email protected] is a mass mailing Worm variant with a dangerous payload: it attempts to format the main hard drive of the infected computer system.

More details about [email protected]

Consistent with the characteristics of mass mailing Worms, the [email protected] harvests email addresses from the address book of the operating system's default email client. It sends a spiked email message to all of these contacts, with a variably named subject and file attachment. When executed on the compromised computer system, it displays a pornographic image on the screen. The W32.[email protected] then searches for a specific folder on the main hard drive, where files of a number of formats are completely deleted. This routine makes it impossible to restore the machine to a previous state. The Worm creates a copy of its code in the same folder as the operating system, usually with the EXE file extension.

The [email protected] modifies the Windows Registry to include a new key value that allows it to load automatically at system boot up or at every restart. Using a predetermined list of file formats, the [email protected] scans the computer system for the presence of these files and randomly deletes five instances of every file format. The malware keeps a log of the deleted files in a text file. The [email protected] also modifies the batch file of the operating system to deliver its payload, which is to initiate a reformat procedure on the next boot up.