[email protected]

Aliases: [email protected], Win32/Nogrov.A
Variants: W32/Nogrov.A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 20 Jul 2003
Damage: Low

Characteristics: [email protected] is a mass-mailing email worm: self-contained malicious code that propagates by sending itself via email. The emails carry various subject lines and attachment names. The most popular of these email messages contain the following: “You Will Die:)” and “Seak is here,hahahahaha.” If you receive this message, do not open it or any of its attachments, because doing so will activate the worm and its infection routine. The attachment will have an “.exe” file extension. Typically, a mass-mailing email worm uses its own SMTP engine to send itself.

More details about [email protected]

During its infection process, it normally sends a zipped copy of itself to all contacts in the Windows Address Book. It also modifies the Internet Explorer homepage to point to a virus exchange website. This proves that it can also steal confidential information from the compromised computer. The worm may also record keystrokes and take screenshots of your computer. These actions tend to steal sensitive and confidential information saved and/or opened on your computer.
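As an added example (not part of the original write-up), the traits described above can be turned into a mail-triage check: it flags a raw message that contains either quoted string in its subject or body, or that carries an “.exe” attachment, including one packed inside a ZIP attachment. The function names, the reason labels and the sample message are assumptions made for this illustration; the sample is constructed from harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Message strings quoted on this page, lower-cased for matching.
KNOWN_TEXT = ("you will die:)", "seak is here,hahahahaha")

def exe_names(msg):
    """Names of .exe attachments, including members of ZIP attachments."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".exe"):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits += [f"{name}!{m}" for m in zf.namelist() if m.lower().endswith(".exe")]
    return hits

def triage(raw):
    """Return the reasons a raw RFC 5322 message matches the description."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (str(msg["Subject"] or "") + "\n" + (body.get_content() if body else "")).lower()
    reasons = [f"text:{t}" for t in KNOWN_TEXT if t in text]
    reasons += [f"exe:{n}" for n in exe_names(msg)]
    return reasons

def build_sample():
    """Constructed test message: placeholder bytes, not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.exe", b"placeholder")
    msg = EmailMessage()
    msg["Subject"] = "You Will Die:)"
    msg.set_content("Seak is here,hahahahaha.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="note.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

An empty list means nothing matched; a match is a reason to quarantine the message for review, not proof of infection.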

The [email protected] program may provide various control capabilities to a remote attacker. Some sources state that there is no limit to what hackers can do with tools similar to this one. It may do so through its three parts: the server, the client, and the editor. The remote hacker sends commands to the [email protected] program through the client installed on his computer. The malware, in turn, receives the commands through the server installed on the infected computer. The server is also responsible for performing the hacker’s commands. Meanwhile, the editor is a supplementary tool that allows the hacker to define the specific capabilities and limitations of the remote access tool.