[email protected]

Aliases: Email-Worm.Win32.Levona.b, W32/[email protected], WORM_LEVONA.C
Variants: Worm/Levona.B, Worm:Win32/[email protected], Mal/Behav-217

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Fast
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 27 Sep 2006
Damage: Low

Characteristics: This mass-mailing worm is normally sent to other vulnerable computer systems as a file attachment to spiked email messages. The attachment normally mimics a legitimate screensaver format to trick the computer user into executing it. The worm can also use file sharing networks to infect other machines, and it can hijack the Web browser by modifying the default homepage.

More details about [email protected]

The worm installs itself on an infected computer system by first extracting numerous files. The files associated with this malware usually use the EXE, TMP, RENOVA, and HTM file extensions. The worm modifies the Windows Registry of the compromised machine so that it starts automatically at every restart or boot. It also uses the Windows Registry to disable various monitoring tools in order to conceal its presence. The malware may replace some files by moving them to the operating system directory and placing a spiked file in the original folder. It may replace the default extension with the RENOVA format.

The worm marks the infected computer system with mutexes to make sure only two instances of the worm are running at any time. It will attempt to send a copy of itself to other computer systems by attaching its code to a spiked email message. It may also use peer-to-peer file sharing networks to spread its infection to other systems, placing an executable copy of itself into the shared folder used by the peer-to-peer file sharing program. When the My Pictures folder is opened, the worm renames the window title to RENOVA.