[email protected]

Aliases: [email protected]
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 26 Apr 2006
Damage: Medium

Characteristics: [email protected] is a member of a family of mass-mailing worms and is also capable of opening a backdoor on the infected computer. It uses its own SMTP engine to send mass virus mail to the email addresses it has collected. It also acts as a dropper of other worms or viruses if you visit an infected Web server: it automatically downloads a virus file and then executes it. The virus files include W32.Beagle, W32.Mydoom, Backdoor.Netdevil, Backdoor.Optix, Backdoor.Subseven and Backdoor.Kuang2.

More details about [email protected]

The worm lowers security settings and makes use of remote vulnerabilities. It also steals private information from the compromised computer, and this information may end up on the black market. Confidential email messages and/or usernames and passwords can also be sold on the Internet. The worm may also record keystrokes and take screenshots of your computer. It may steal or change passwords and/or file passwords, credit card numbers, banking information and personal data. It can also be destructive: it is able to download malware onto a compromised computer, through which it can install remote-connectivity host software and keystroke logging software, modify firewall rules, remove or alter files, change access rights on user accounts or files, or even send inappropriate or incriminating material from a customer's email account.

There were reports that the [email protected] application is a common occurrence on the Windows platform. It was said that this malware infects machines by being bundled with freeware programs downloaded from unsolicited sites on the Web. This malware allegedly infects external storage devices when they are connected to the infected machine. Security program developers believed that this malware creates a file in the root directory of the removable storage media. The autorun.inf file may be created or modified so that the Windows operating system loads the malware's files and components from the storage media onto the victim's machine. There is a possibility that the autorun.inf file may replicate if it is manually deleted by the user.
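
The autorun.inf behaviour described above can be checked on a removable drive before the drive is trusted. The following Python sketch is an added example, not part of the original entry: it parses autorun.inf text and lists the `[autorun]` directives that would make Windows start a program. The sample file contents and file names are constructed placeholders, not values taken from this worm.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk padding lines are skipped instead of aborting the parse
        key, _, value = line.partition("=")
        key = key.strip()
        if LAUNCH_KEYS.match(key):
            found.append((key.lower(), value.strip()))
    return found


def audit(text):
    """Report whether the file would launch anything, and which commands."""
    entries = launch_entries(text)
    return {"launches": bool(entries), "commands": sorted({c for _, c in entries})}


# Constructed sample: file names are placeholders, not values from this page.
SAMPLE = """\
; padding comment
[AutoRun]
qwertyjunkline
open=sample_dropper.exe
Shell\\Open\\Command = sample_dropper.exe
shell\\explore\\command=sample_dropper.exe /e
icon=%SystemRoot%\\system32\\shell32.dll,4
label=Removable Disk
"""

BENIGN = "[autorun]\nicon=setup.ico\nlabel=Vendor Tools\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(BENIGN))
```

A file that only sets `icon` or `label` reports no launch commands, while any `open`, `shellexecute` or `shell\<verb>\command` entry on removable media is worth reviewing before the referenced file is opened.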