W32.Liac.A

Aliases: [email protected], WORM_LIAC.A, W32/Calil-A, W32/[email protected]
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 01 Jul 2002
Damage: Low

Characteristics: W32.Liac.A is a mass-mailing worm written in Visual Basic. When executed, it attempts to use Microsoft Outlook to send email to all contacts in the Windows Address Book (WAB). The worm is packed using a known executable file packer.

More details about W32.Liac.A

Once the W32.Liac.A worm is executed, it displays a message box containing “Title bar: Windows” and “Message: Error54: Media Player not installed correctly”. It then attempts to copy itself to the Windows temporary folder, using hardcoded folder names such as C:\Win98\Temp, C:\Win95\Temp, or C:\Winnt\Temp. Next, it attempts to ensure that it runs automatically at every Windows startup by adding a value to the registry. The worm then attempts to use Microsoft Outlook to forward email to all contacts in the Windows Address Book. The email that it sends out contains “Subject: FW:FW: LILAC project video attach”, “Message: Things that the govt. dont want you to know”, and “Attachment: LILAC_WHAT_A_WONDERFULNAME.avi.exe”. This routine may have some bugs, and the email is sometimes sent without an attachment. Sometimes, the worm may display the message: “Your PC is infected with LILAC viruys by: xEnOcrAtEs”.
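A mail-filter check for the message described above, as an added example that is not part of the original write-up. The subject and attachment name are the ones quoted in the text; the extension lists, function names and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the write-up above.
SUBJECT = "FW:FW: LILAC project video attach"
ATTACHMENT = "LILAC_WHAT_A_WONDERFULNAME.avi.exe"
# Assumed lists for the generic double-extension check (not from the page).
DECOY_EXTS = {"avi", "mpg", "mp3", "jpg", "gif", "txt", "doc", "pdf"}
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "vbs"}

def double_extension(filename):
    """True for names like video.avi.exe: a decoy extension before an executable one."""
    parts = filename.lower().strip().rstrip(".").split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS

def inspect_message(raw_bytes):
    """Return the list of reasons a raw RFC 822 message matches the description."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # Collapse whitespace so folded headers still compare equal.
    subject = " ".join(str(msg.get("Subject", "")).split())
    if subject.lower() == SUBJECT.lower():
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower() == ATTACHMENT.lower():
            reasons.append("attachment-name")
        if double_extension(name):
            reasons.append("double-extension")
    return reasons

def build_sample(subject, filename=None):
    """Constructed test message; the attachment body is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "rcpt@example.test"
    m["Subject"] = subject
    m.set_content("Things that the govt. dont want you to know")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample(SUBJECT, ATTACHMENT)))
    print(inspect_message(build_sample(SUBJECT)))  # buggy send: no attachment
    print(inspect_message(build_sample("holiday", "clip.avi")))
```

Because the send routine sometimes omits the attachment, the subject match is reported on its own rather than only together with the file name.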

According to some websites, the W32.Liac program usually gets onto a computer by taking advantage of flaws in the operating system. It can also be picked up by visiting a malicious website and by using peer-to-peer applications or other programs that use a shared network. The W32.Liac application is capable of monitoring the browsing habits of its victim. It does this by using the applications that it has installed on the infected computer. It uses malicious code to repeatedly download new variations of malicious code as well as adware. Because of these fraudulent activities, the victim’s personal files and data are at severe risk of being taken by an illicit individual or a hacker.