Aliases: Worm:Win32/Eliles.A, Email-Worm.Win32.Heck.a, W32/Eliles.A
Variants: TR/ElPerfecto, W32/Eliles-B, WORM_ELILES.B
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, Europe, North and South America
Removal: Easy
Platform: W32
Discovered: 16 Apr 2007
Damage: Low
Characteristics: The worm belongs to the mass-mailing class of worms, which have the inherent capability of spreading their code through email messages. In most cases it uses compressed files as the attachment to its email messages. This particular malware can lower the security settings of the infected system by terminating the firewall and antivirus protection of the machine. An attacker can use this to expose the machine to more threats.
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
When launched in a vulnerable computer system, this malware will proceed to extract multiple files into the directory folder of the operating system. The worm will create various executable, command, text, and icon files needed to deliver its payload. Some of the files serve as a container for the malware, while others act as the script file that activates its mailing functionality. The worm has also been identified to place a variant of SymbOS.Commwarrior into the infected computer system. This threat will target some critical tools of the operating system and infect them by appending an additional six bytes of data to the end of the file. The worm modifies the Windows Registry so that it loads automatically on system boot-up.
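A defender-side integrity check for the six-byte append described above, added here as an example and not taken from this page or from any vendor tool. The baseline format, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

APPENDED_LEN = 6  # per the page: six bytes are appended to each infected file


def make_baseline(data):
    """Record size and SHA-256 of known-good file content."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def check_file(path, baseline):
    """Return 'clean', 'appended' (original intact + 6 trailing bytes) or 'modified'."""
    data = Path(path).read_bytes()
    size = baseline["size"]
    if len(data) == size:
        return "clean" if make_baseline(data) == baseline else "modified"
    # Same leading content with exactly APPENDED_LEN extra bytes at the end.
    if len(data) == size + APPENDED_LEN and make_baseline(data[:size]) == baseline:
        return "appended"
    return "modified"


def demo():
    """Run the check over constructed sample files (not real system tools)."""
    original = b"MZ" + bytes(range(256)) * 4  # constructed stand-in content
    samples = {
        "untouched.bin": original,
        "six_appended.bin": original + b"\x00" * APPENDED_LEN,
        "patched.bin": b"XX" + original[2:],
        "grown.bin": original + b"\x00" * 32,
    }
    baseline = make_baseline(original)
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, content in samples.items():
            path = Path(d) / name
            path.write_bytes(content)
            results[name] = check_file(path, baseline)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

An "appended" verdict means the original content is intact underneath, so restoring the file from trusted media is the remediation; "modified" needs a closer look.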
The worm also lowers the security settings of the infected computer system through the Windows Registry, primarily because changes made there are harder to trace and undo. The worm will also take note of the computer user's activities by logging the actions into the ICO-format file. The worm harvests email addresses from a number of different files found on the compromised machine. These contacts are then targeted by the worm, which uses its own Simple Mail Transfer Protocol engine to infect remote computer systems.