[email protected]

Aliases: W32/Noomy-A, W32/[email protected], WORM_NOOMY.A, W32/Noomy.A.worm
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Fast
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 14 Sep 2004
Damage: Medium

Characteristics: [email protected] is a mass mailer worm that spreads itself through the use of email. However, this creates its own HTTP server on TCP port 8800. It also utilizes mIRC platform or Internet Relay Chat sites. This invites users to download the worm from the HTTP server. All platforms of Windows Operating System can be affected by this virus.

More details about [email protected]

This has been known to steal private or confidential files or data from the compromised computer. Confidential email messages and or usernames and passwords can also be sold in the Internet. This information may lead to the hands of the black market. Since this makes use of email applications, it automatically collects email addresses from the compromised computer. Email messages spread are spoofed and variable. These may come in these subject forms: “Re: eCard Delivery Error:” Re: VoiceMail to - Delivery Error,” You`ve got 1 new eCard,” Re: Bad Request Server not found,” One new VoiceMail! ID,” One new eCard! ID,” ID: New eCard in your inbox,” ID: You got one VoiceMail! See online,” Num: One new eCard from,” Num: One new VoiceMail from,” Mail Delivery (error),” Re: Message Error! Mail,” Bad Request Server not found,” Re: Mail System Error - Returned Mail,” Extended Mail System ERROR,” Re: Mail Delivery Error,” Protected Mail Server invalid,” Re: Mail Delivery: - Error,” Re: MAIL Error num: - Returned mail: see transcript for details,” Warning!!” Why you SPAM?” Last notice! Regard ! Please read...” This is not OK !” Don't spam!!!!!” Question about YOUR SPAM!!” Information!You spam this email,” Last chance!STOP SPAM THIS EMAIL” and “I call spam POLICE! STOP!!!”

According to some reports, the [email protected] installs itself in the Windows System 32 folder, and then it modifies the registry enabling itself to be executed every time the system is started. This worm also enables another malware from a remote server to enter and attack the system. Sometimes it displays a fake message when run for the first time so that it can freely provide access to the malware entering the backdoor. This program may be removed from the computer through manual removal process and by installing an effective antivirus tool.