W32/Midlak.A, I-Worm.Midlak, WORM_MIDLAK.A, Win32:Midlak-UPX
Email-Worm.Win32.Midlak, W32/Generic.worm.b, Win32.HLLM.Generic.270, W32/Klam-A, Win32/HLLW.Klam.A
Category: Computer Worm
27 Nov 2003
The W32/Midlak.A worm is a mass-mailing worm packed with the UPX executable packer. It is designed to use several transport mechanisms to spread to other vulnerable computers; the media identified so far include email, Internet Relay Chat, and peer-to-peer file-sharing networks, among others. Its payload steals sensitive data and deletes system-critical files from the host machine.
If malware is present on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software.
When first executed, the W32/Midlak.A worm attempts to copy itself to the root directory of the main hard drive under a file name that poses as a screensaver of a popular Hollywood actress. It then scans for the shared folder of a peer-to-peer file-sharing client; when one is found, the worm drops multiple copies of its files into that folder using either the EXE or the SCR file format. At the same time it overwrites the initialization file of the Internet Relay Chat client, if one is present. The worm also drops legitimate DLL, VBS, TMP, and TXT files that give it the ability to harvest email addresses and send email messages.
The worm installs its automatic loading feature by creating a new value in the Windows Registry. It scans files with specific extensions that are believed to store additional email addresses that can be attacked. It sends an email message, presumably to its author, to report the successful infection of the host computer. The worm then retrieves the user's email address from the Windows Registry and uses it to send messages carrying a malicious file attachment to every contact harvested from the infected machine. It also deletes INI, EXE, and SYS files.
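As an added illustration (not code from the original page or from any vendor's tool), a small Python triage helper that checks a file listing and Run-key values for the drop pattern described above: an executable or screensaver dropped directly in a drive root, a cluster of EXE/SCR files in a peer-to-peer shared folder, and an autorun value pointing at the root file. The shared-folder path, file names and registry value names are constructed placeholders, not indicators from the page.

```python
import ntpath
from collections import Counter

EXEC_EXTS = {".exe", ".scr"}  # file formats the worm is described as dropping

def is_drive_root(path):
    """True for paths like C:\\name.scr that sit directly in a drive root."""
    drive, rest = ntpath.splitdrive(path)
    return bool(drive) and ntpath.dirname(rest) == "\\"

def find_indicators(files, run_values, shared_dirs, min_copies=3):
    """Return (kind, detail) findings for the behaviours described in the text."""
    findings = []
    shared = {s.lower() for s in shared_dirs}
    # 1. EXE/SCR files dropped straight into a drive root (screensaver decoy)
    for f in files:
        if ntpath.splitext(f)[1].lower() in EXEC_EXTS and is_drive_root(f):
            findings.append(("root_executable", f))
    # 2. several EXE/SCR files inside a P2P client's shared folder
    per_dir = Counter()
    for f in files:
        d = ntpath.dirname(f).lower()
        if ntpath.splitext(f)[1].lower() in EXEC_EXTS and d in shared:
            per_dir[d] += 1
    for d, n in per_dir.items():
        if n >= min_copies:
            findings.append(("p2p_share_cluster", f"{d} ({n} files)"))
    # 3. Run-key values whose target is one of the root executables
    root_execs = {f.lower() for kind, f in findings if kind == "root_executable"}
    for name, target in run_values.items():
        if target.strip('"').lower() in root_execs:
            findings.append(("autorun_to_root_executable", f"{name} -> {target}"))
    return findings

# Constructed sample snapshot (placeholder paths, not real indicators)
SAMPLE_FILES = [
    r"C:\actress.scr",
    r"C:\Windows\explorer.exe",
    r"C:\Program Files\P2PClient\Shared\movie.scr",
    r"C:\Program Files\P2PClient\Shared\crack.exe",
    r"C:\Program Files\P2PClient\Shared\photos.scr",
    r"C:\Program Files\P2PClient\Shared\readme.txt",
]
SAMPLE_RUN = {"Loader": r'"C:\actress.scr"', "Shell": r"C:\Windows\explorer.exe"}
SHARED_DIRS = [r"C:\Program Files\P2PClient\Shared"]  # assumed P2P share path

def sample_findings():
    return find_indicators(SAMPLE_FILES, SAMPLE_RUN, SHARED_DIRS)

if __name__ == "__main__":
    for kind, detail in sample_findings():
        print(kind, detail)
```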