Aliases: I-Worm.PonyExpress, W32/Pony.worm.a, Win32.HLLW.Hoaxley.40960, W32/PonyExpr-A, Win32/[email protected]
Variants: WORM_PNYXPRESS.A, Worm/PonyExpress, Win32:PonyExpress, I-Worm/PonyExpress, [email protected]
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 21 Sep 2001
Damage: Low
Characteristics: This worm is a mass-mailing worm that uses MS Outlook to send itself to all the contacts in the MS Outlook address book.
The worm spreads copies of itself to computers connected to the network. It also provides unauthorized access to the user's computer through its backdoor functionality. A remote user may issue commands on the computer through the opening the program creates; the commands are sent over an Internet Relay Chat (IRC) channel. Through the ports the program opens, an unauthorized user may perform several remote actions: managing the installation of the program, viewing system information, transmitting the program to other IRC users and creating IRC accounts. The remote user may also disable firewalls and security programs on the computer.
The worm may also execute programs that the remote user sends. The remote hacker usually sends a Remote Administration Tool (RAT) and a rootkit tool. The RAT may allow the remote hacker to gain full control of the computer. It may download, upload, rename and delete files. The program may hide its presence on the computer, and it may terminate security programs such as anti-malware applications and personal firewalls. The worm may also use a rootkit tool to hide its activity. The rootkit tool may also change the file names of the program's core components, which tricks the user into believing that the files are legitimate Windows files.