[email protected]

Aliases: pusia.a
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 15 Jun 2007
Damage: Low

Characteristics: [email protected] was discovered on June 15, 2007. This is a worm that collects email addresses that sends itself to those gathered contacts. The worm also includes links wherein other files that contain malicious threats are downloaded. This mass-mailing worm affects operating systems of Windows 2000, 95, 98, Me, NT, Server 2003 and XP.

More details about [email protected]

Once [email protected] is executed, it creates03.vbs, 04.vbs, 05.vbs to the %Windir% folder and pusia.cat, pusia.pkv, pusia.pkr to the %SystemDrive% folder. Then, the worm creates and modifies some system registry entries. Also, the worm scans a particular system registry subkey then stores any information in the pusia.cat file under the folder %SystemDrive%. This file is emailed to the attacker. Afterwards, the worm scans Mra under Application Data folder in %UserProfile% where it gathers email addresses. Then the worm sends emails to the addresses collected. The email contains a URL to link to the copy of the worm or other malicious threats. One email is sent every 65 seconds.

Users may have unknowingly installed the [email protected] application. It may have been attached to other seemingly legitimate software. Several creators of malware programs typically make their products appear like legitimate applications to convince users to download them. Their programs are usually made available in file-sharing networks. Some are distributed through e-mails and instant messages. Others enter the system through IRC or Internet Relay Chat.