Win32.Maldal.C
Win32/Maldal.A.Worm, Win32/Maldal.C.Dropper, Win32.Reeezak, W32/Zacker.C
Category: Computer Worm
Active & Spreading
North and South America, Europe
19 Dec 2001
This malware is a mass-mailing worm: it uses the operating system's default email client to spread its infection to other computer systems. The worm is also capable of hijacking the Web browser by changing the original homepage to one specifically chosen by the malicious author. That homepage is closely associated with another potentially dangerous application that can exploit the active Internet connection.
Because this malware was written in the Visual Basic programming language, it requires the Visual Basic runtime libraries in order to run its intended routines. The worm retrieves the email addresses of all contacts found in the default email client and targets those addresses to spread its code. Recipients get an email message with the subject "Happy New Year" and an executable file attachment associated with the malware. The Windows Registry is modified to replace the computer name with a value pre-selected by the malicious author. The worm displays the text "From the heart. Happy new year !" on the screen and freezes the keyboard.
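The mail-borne behaviour described above (subject "Happy New Year" plus an executable attachment) can be expressed as a simple gateway triage rule. The following is an added example, not part of the original profile; the extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: extensions treated as directly executable on Windows hosts.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")
SUSPECT_SUBJECT = "happy new year"  # subject line given in the profile


def executable_attachments(msg):
    """Return filenames of MIME parts whose extension is executable."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        # Windows ignores trailing dots and spaces, so "card.exe." still runs.
        if name and name.lower().rstrip(". ").endswith(EXECUTABLE_EXTS):
            names.append(name)
    return names


def triage(raw_bytes):
    """Classify one RFC 5322 message as 'quarantine', 'review' or 'pass'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    # policy.default decodes RFC 2047 encoded words; collapse whitespace too.
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    attachments = executable_attachments(msg)
    if attachments and SUSPECT_SUBJECT in subject:
        return "quarantine"   # matches both traits listed in the profile
    if attachments:
        return "review"       # executable attachment alone is still risky
    return "pass"


def build_sample(subject, filename=None):
    """Build a constructed test message (not a captured specimen)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("Greetings.")
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Happy New Year", "card.exe"), ("Report", None)]:
        print(subj, fname, "->", triage(build_sample(subj, fname)))
```

The subject match alone is deliberately not enough to quarantine, since the same greeting appears in ordinary seasonal mail.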
The worm replaces the default homepage with a malicious website which, when clicked by the unsuspecting computer user, redirects the Web browser and causes a malicious Visual Basic Script file to be downloaded. Once successfully downloaded, the file is executed by the worm on the vulnerable machine. The new VBS file creates a new HTM file in the directory folder of the operating system and targets files that use the ASP, HTML, and HTM extensions. A political message is displayed on the screen and the worm will attempt to illegally terminate the operating system.