Aliases: Email-Worm.Win32.Salga.a, W32/
[email protected],
[email protected], Win32.HLLW.Generic.95, W32/Salga-A
Variants: W32/
[email protected], I-Worm/Salga.A,
[email protected], Worm.Salga.A, W32/Salga.A.worm
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 27 Nov 2004
Damage: Medium
Characteristics: [email protected] propagates through the Internet as an attachment to infected messages. It also propagates via file sharing networks, IRC channels and open network resources. It sends a copy of itself to all email addresses found on the computer.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean
[email protected] from your computer.
There are two more ways on how
[email protected] propagates. First, in propagation via local and file-sharing networks, the worm creates copies of itself in all subdirectories on hard disks if the name of the subdirectory contains the word 'share'. These copies are stored in My Shared Folder, which it created earlier upon installation. It also copies itself to network resources that may be hidden. Second is the propagation via IRC. Through this, the worm rewrites the mIRC\script.ini and mIRC32\script.ini files in the program files. This enables it to send copies of itself to IRC users in the same channel as the victim machine. The copy is named “Britny spears marriage with Bnladen son.zip.exe”
The program creates and maintains an unauthorized network connection between remote systems and the user’s computer. The opening created by the
[email protected] application allows remote users to issue commands to the computer. The remote instructions may prompt the computer to download files from the Internet, terminate running processes, delete files and restart the system. The remote user may send the commands to the computer via Hypertext Transfer Protocol (HTTP).