Aliases: W32/Roaller.B, W32/Roaller.worm.gen, [email protected], Worm:Win32/[email protected], Worm.Mail.Roaller.b
Variants: W32.Logex.B, Email-Worm.Win32.Roaller.b, Email-Worm.Win32.Logitall, [email protected], Worm:Win32/[email protected]
Classification: Malware
Category: Computer Worm
Status: Inactive
Spreading: Fast
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 01 Oct 2003
Damage: Low
Characteristics: Like other mass-mailing worms, this worm harvests email addresses stored on the infected computer and sends copies of itself to those addresses to spread. It connects to an FTP server predetermined by its author and uploads information about the compromised machine. The stolen data may be used to launch attacks on other networks.
Unlike many malware families, the worm creates its own folder rather than using the operating system directory. It stores a log file in this folder and updates it continuously while running on the infected machine. It also generates a second text file in the operating system directory, which holds the stolen system-specific data. The worm checks the system date and terminates if the date is later than September 2003. An executable file is dropped into the root directory of the main hard drive if it is not yet present.
The worm attempts to load automatically at system startup by modifying the Windows Registry and adding its own key values. It connects to a remote server to check for code updates from its author. It scans the hard drive for PWL and DOC files, along with email addresses and cached passwords, and stores any data it retrieves in its previously created log file. It then scans for available MAPI connections and uses its SMTP engine to send itself to predetermined addresses.
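The behaviours described above can be correlated per process in endpoint telemetry. The following is an added example, not part of the original write-up: the event schema, file paths and addresses are constructed, and the use of a Run key for autostart is an assumption, since the page names no specific registry location.

```python
import ntpath
from collections import defaultdict

# Assumption: autostart uses a Run key; the write-up only says "Windows Registry".
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
HARVEST_EXT = (".pwl", ".doc")  # file types the write-up says are scanned
EGRESS_PORTS = {"21": "ftp_upload", "25": "smtp_send"}

def classify(ev):
    """Map one telemetry event to a behaviour tag from the write-up, or None."""
    kind, target = ev["type"], ev["target"].lower()
    if kind == "file_create" and target.endswith(".exe"):
        parent = ntpath.dirname(target)
        if len(parent) == 3 and parent.endswith(":\\"):  # e.g. "c:\"
            return "exe_in_drive_root"
    elif kind == "reg_set" and RUN_KEY in target:
        return "autostart_key"
    elif kind == "file_read" and target.endswith(HARVEST_EXT):
        return "harvest_pwl_doc"
    elif kind == "net_connect":
        return EGRESS_PORTS.get(target.rsplit(":", 1)[-1])
    return None

def suspicious_processes(events, threshold=4):
    """Return {image: sorted tags} for processes showing >= threshold behaviours."""
    seen = defaultdict(set)
    for ev in events:
        tag = classify(ev)
        if tag:
            seen[ev["image"]].add(tag)
    return {img: sorted(t) for img, t in seen.items() if len(t) >= threshold}

# Constructed telemetry: one process matching the profile, three benign ones.
W = r"C:\Temp\attachment.exe"
SAMPLE_EVENTS = [
    {"image": W, "type": "file_create", "target": r"C:\sample_copy.exe"},
    {"image": W, "type": "reg_set",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sample"},
    {"image": W, "type": "file_read", "target": r"C:\Windows\user.pwl"},
    {"image": W, "type": "net_connect", "target": "192.0.2.10:21"},
    {"image": W, "type": "net_connect", "target": "192.0.2.25:25"},
    {"image": r"C:\Office\winword.exe", "type": "file_read", "target": r"C:\Docs\a.doc"},
    {"image": r"C:\Mail\client.exe", "type": "net_connect", "target": "192.0.2.25:25"},
    {"image": r"C:\Tools\ftp.exe", "type": "net_connect", "target": "192.0.2.10:21"},
]

if __name__ == "__main__":
    print(suspicious_processes(SAMPLE_EVENTS))
```

Any single behaviour here is common in benign software, which is why the check requires several of them from the same process before flagging it.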