Category: Computer Worm
Active & Spreading
20 Dec 2006
Characteristics: [email protected] is a mass-mailing worm. It infects Windows systems and propagates through email. This particular worm attempts to steal banking information from the infected computer.
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected] from your computer.
The mass-mailing worm [email protected] spreads through email.
The subject of the email will be any of the following: "hello", "Re:hello", "postcard", "how are you?", "Nissan skyline".
The body of the email will be any of the following: "helo dear friend", "nissan skyline is cool!", "You have got the postcard from your friend".
The attachment will have one of the following names: cool.scr, work.exe, coolcar.scr, clickme.exe, behappy.scr.
When run, the worm executes the file ojsps.exe if it exists. The worm creates a mutex called wkoddr1. It gathers email addresses from files with the extensions: adb, asp, dbx, eml, fpt, inb, mbx, php, pmr, sht, tbb, htm, txt, and wab.
The worm attempts to steal banking information when a user visits certain URLs. The stolen information is then sent to another URL.
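The email indicators listed above can be checked at a mail gateway or over an exported mailbox. The following is an added example, not part of the original entry: the function names, the scoring rule (attachment name plus a matching subject or body) and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

def norm(s):
    """Lowercase and drop whitespace so 'Re: hello' matches 'Re:hello'."""
    return "".join(s.split()).lower()

# Indicators taken from the description above.
SUBJECTS = {norm(s) for s in
            ("hello", "Re:hello", "postcard", "how are you?", "Nissan skyline")}
BODIES = [norm(s) for s in
          ("helo dear friend", "nissan skyline is cool!",
           "You have got the postcard from your friend")]
ATTACHMENTS = {"cool.scr", "work.exe", "coolcar.scr", "clickme.exe", "behappy.scr"}

def score_message(raw):
    """Return which indicator classes a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = {"subject": norm(msg["Subject"] or "") in SUBJECTS,
            "body": False, "attachments": []}
    for part in msg.walk():
        name = part.get_filename()
        if name:
            if name.strip().lower() in ATTACHMENTS:
                hits["attachments"].append(name)
        elif part.get_content_type() == "text/plain":
            text = norm(part.get_content())
            hits["body"] = hits["body"] or any(b in text for b in BODIES)
    return hits

def is_suspect(raw):
    """Subjects such as 'hello' are common in clean mail, so require a listed
    attachment name and use subject/body only as corroboration."""
    h = score_message(raw)
    return bool(h["attachments"]) and (h["subject"] or h["body"])

def build_sample(subject, body, filename=None):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(score_message(build_sample("Re: hello", "helo dear friend", "CoolCar.SCR")))
```

Name matching alone is weak evidence; gateways normally also block executable attachment types such as .scr and .exe regardless of file name.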
The W32.Koddr[email protected] program may be spread via e-mails or instant messages. It may be labeled as a software patch or e-card. This is so users will allow it access to the computer. The application may be in a link or file attachment. Downloader software, peer-to-peer (P2P) file sharing networks, IRC as well as freeware and shareware websites may spread the infection too. The malicious file may be posted on gaming forums and websites as game patches or updates. This allows the malware program author to target players of certain games.