W32/Noomy-A, W32/[email protected], WORM_NOOMY.A, W32/Noomy.A.worm
Category: Computer Worm
Europe, North and South America, and some parts of Asia and Australia
14 Sep 2004
Characteristics: W32/Noomy-A is a mass-mailer worm that spreads through email. It also runs its own HTTP server on TCP port 8800 and uses the mIRC platform or Internet Relay Chat (IRC) sites to invite users to download the worm from that HTTP server. All versions of the Windows operating system can be affected by this worm.
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32/Noomy-A from your computer.
The worm has been known to steal private or confidential files or data from the compromised computer. Confidential email messages, usernames and passwords can also be sold on the Internet, and this information may end up in the hands of the black market. Because the worm makes use of email applications, it automatically collects email addresses from the compromised computer. The email messages it sends are spoofed and variable. They may arrive with these subject forms:
“Re: eCard Delivery Error:”
“Re: VoiceMail to - Delivery Error”
“You`ve got 1 new eCard”
“Re: Bad Request Server not found”
“One new VoiceMail! ID”
“One new eCard! ID”
“ID: New eCard in your inbox”
“ID: You got one VoiceMail! See online”
“Num: One new eCard from”
“Num: One new VoiceMail from”
“Mail Delivery (error)”
“Re: Message Error! Mail”
“Bad Request Server not found”
“Re: Mail System Error - Returned Mail”
“Extended Mail System ERROR”
“Re: Mail Delivery Error”
“Protected Mail Server invalid”
“Re: Mail Delivery: - Error”
“Re: MAIL Error num: - Returned mail: see transcript for details”
“Warning!!”
“Why you SPAM?”
“Last notice! Regard ! Please read...”
“This is not OK !”
“Don't spam!!!!!”
“Question about YOUR SPAM!!”
“Information!You spam this email”
“Last chance!STOP SPAM THIS EMAIL”
“I call spam POLICE! STOP!!!”
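The subject forms above and the TCP port 8800 HTTP server can be turned into a simple triage check for a mail or chat archive. The following is an added example, not part of the original write-up or any vendor tool; it assumes that "ID" and "Num" in the listed forms are placeholders for variable text, and the function names and sample messages are constructed for illustration.

```python
import re

# Subject forms copied from the list on this page.
SUBJECT_FORMS = [
    "Re: eCard Delivery Error:", "Re: VoiceMail to - Delivery Error",
    "You`ve got 1 new eCard", "Re: Bad Request Server not found",
    "One new VoiceMail! ID", "One new eCard! ID",
    "ID: New eCard in your inbox", "ID: You got one VoiceMail! See online",
    "Num: One new eCard from", "Num: One new VoiceMail from",
    "Mail Delivery (error)", "Re: Message Error! Mail",
    "Bad Request Server not found", "Re: Mail System Error - Returned Mail",
    "Extended Mail System ERROR", "Re: Mail Delivery Error",
    "Protected Mail Server invalid", "Re: Mail Delivery: - Error",
    "Re: MAIL Error num: - Returned mail: see transcript for details",
    "Warning!!", "Why you SPAM?", "Last notice! Regard ! Please read...",
    "This is not OK !", "Don't spam!!!!!", "Question about YOUR SPAM!!",
    "Information!You spam this email", "Last chance!STOP SPAM THIS EMAIL",
    "I call spam POLICE! STOP!!!",
]
# Assumption: these tokens are placeholders the worm fills with variable text.
PLACEHOLDERS = {"id", "num"}

def form_to_regex(form):
    parts = []
    for tok in form.split():
        if tok.rstrip(":").lower() in PLACEHOLDERS:
            parts.append(r"\S+")  # also matches the literal token
        else:
            parts.append(re.escape(tok))
    # Prefix match: forms ending in "from" are followed by variable text.
    return re.compile(r"\s*" + r"\s+".join(parts), re.IGNORECASE)

SUBJECT_RES = [(f, form_to_regex(f)) for f in SUBJECT_FORMS]
PORT_8800_URL = re.compile(r"http://[^\s/:]+:8800(?:/|\b)", re.IGNORECASE)

def triage(subject, text):
    """Return the reasons a message (email body or IRC line) looks suspect."""
    reasons = [f"subject form: {f}" for f, rx in SUBJECT_RES if rx.match(subject)]
    if PORT_8800_URL.search(text):
        reasons.append("link to HTTP server on TCP port 8800")
    return reasons

# Constructed sample messages (not captured traffic).
SAMPLES = [
    ("48213: New eCard in your inbox", "View it: http://192.0.2.10:8800/"),
    ("Re:  mail delivery error", "see attachment"),
    ("Quarterly report", "Numbers attached."),
]

if __name__ == "__main__":
    for subject, text in SAMPLES:
        print(repr(subject), "->", triage(subject, text) or "no match")
```

Several of the forms imitate ordinary bounce notices, so a subject match alone is a reason to inspect the message, not proof of infection.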
According to some reports, W32/Noomy-A installs itself in the Windows System32 folder and then modifies the registry so that it is executed every time the system is started. The worm also enables other malware from a remote server to enter and attack the system. Sometimes it displays a fake message when run for the first time so that it can freely provide access to the malware entering through the backdoor. The worm may be removed from the computer manually or by installing an effective antivirus tool.