Aliases: [email protected], I-Worm.Naked, W32/[email protected], WORM_NAKED.A, W32/Naked, Win32.HLLW.Naked, Win32/[email protected], W32/[email protected], I-Worm/[email protected]
Category: Computer Worm
South America, North America
06 Mar 2001
The Naked worm (W32/Naked) is a direct-action, mass-mailing worm that masquerades as a Flash movie file. It gathers email addresses from the compromised system's Outlook address book and then sends infected mails to the gathered addresses. After its mass-mailing routine, the worm tries to delete some system files, which can leave the system defective and necessitate a re-installation of the operating system.
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean the Naked worm from your computer.
Once a recipient clicks on the attachment of the infected email, the worm sends copies of itself via email and then begins to delete files. The files targeted for deletion are those with the extensions .com, .exe, .dll and .bmp in the Windows directory, and those with the extensions .bmp, .exe, .dll, .log and .ini in the system directory. The Naked worm doesn't install itself on the victim machine and doesn't register itself in the registry. This direct-action malware carries out its tasks only once, when it is launched from the compromised attachment. It does copy its code into the TEMP directory, but does not use that duplicate. When activated, the worm shows a fake window with the logo of the Macromedia Flash Player and the message Loading.
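The deletion pattern described above can be turned into a simple detection rule over file-delete telemetry. This is an added example, not code from the original page; the directory paths, the `(process_image, deleted_path)` event shape, the threshold and all sample file names are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed default locations; the page names the directories but not their paths.
WINDOWS_DIR = PureWindowsPath(r"C:\Windows")
SYSTEM_DIR = WINDOWS_DIR / "System"
# Extension sets per directory, as listed in the description above.
TARGETS = {
    WINDOWS_DIR: {".com", ".exe", ".dll", ".bmp"},
    SYSTEM_DIR: {".bmp", ".exe", ".dll", ".log", ".ini"},
}

def matches_pattern(path_str):
    """Return the targeted directory if the file sits directly in it (assumption:
    no recursion) and has an extension listed for that directory, else None."""
    p = PureWindowsPath(path_str)  # Windows paths compare case-insensitively
    for directory, exts in TARGETS.items():
        if p.parent == directory and p.suffix.lower() in exts:
            return directory
    return None

def flag_processes(events, threshold=5):
    """events: (process_image, deleted_path) pairs from a file-delete log.
    Flag a process that deletes at least `threshold` matching files and
    touches both directories. The threshold is an assumed tuning value."""
    hits = defaultdict(lambda: defaultdict(int))
    for image, path in events:
        directory = matches_pattern(path)
        if directory is not None:
            hits[image][directory] += 1
    return {
        image: sum(per_dir.values())
        for image, per_dir in hits.items()
        if sum(per_dir.values()) >= threshold and len(per_dir) == len(TARGETS)
    }

# Constructed sample events; all file and process names are made up.
SUSPECT = r"C:\My Documents\attachment.exe"
INSTALLER = r"C:\Program Files\Setup\uninst.exe"
SAMPLE = [
    (SUSPECT, r"C:\WINDOWS\win.com"), (SUSPECT, r"C:\WINDOWS\notepad.exe"),
    (SUSPECT, r"C:\WINDOWS\clouds.bmp"), (SUSPECT, r"C:\WINDOWS\win.ini"),
    (SUSPECT, r"C:\WINDOWS\SYSTEM\user.exe"), (SUSPECT, r"C:\WINDOWS\SYSTEM\shell32.dll"),
    (SUSPECT, r"C:\WINDOWS\SYSTEM\setup.log"),
    (INSTALLER, r"C:\WINDOWS\SYSTEM\old.dll"), (INSTALLER, r"C:\WINDOWS\SYSTEM\install.log"),
    (INSTALLER, r"C:\WINDOWS\TEMP\a.tmp"),
]

if __name__ == "__main__":
    print(flag_processes(SAMPLE))
```

The `win.ini` deletion is not counted because .ini is listed only for the system directory, and the installer is not flagged because it stays below the threshold and touches a single directory.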
The menus in the fake window displayed by the Naked worm do not actually work, save for the Help menu. When users select the Help menu, the option About Macromedia Flash Player appears, and when that option is selected, the malware displays a message box containing a vulgar message. The worm program can be used to change the files on the computer. The security settings may be lowered to prevent removal. The infected machine can be instructed to join in a DDoS (Distributed Denial of Service) attack. The computer's resources can be used to bring down a remote server or website. The Naked worm application can also be instructed to perform certain actions on IRC. This can include joining other channels and sending messages to other users.