I-Worm.Serab.c, W32/Serab.worm.gen, W32/Serab-C, Win32/[email protected]
WORM_SERAB.C, W32/Serab.C, Win32:Serab-B, I-Worm/Serab.C, [email protected]
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
06 Oct 2003
This worm is classified as a mass mailer. A mass-mailing worm is self-contained malicious code that propagates by sending copies of itself by e-mail.
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected] from your computer.
The [email protected] program copies itself to the hard disk and modifies the registry to ensure that it loads automatically every time the computer boots up. It then harvests e-mail addresses from the hard disk. It automatically sends itself through e-mail by directly connecting to the recipient's Simple Mail Transfer Protocol (SMTP) server.
When the [email protected] program executes, it copies itself to “Windows\Winpof.exe” on drive C. The worm then crashes “Windows\Sera.vbs” on drive C and then opens it. After that, this script mass-mails itself to all the contacts in MS Outlook. The e-mail has the subject “Wow! It Should be seen!” and the message body “Hi dead friend. Press the attached file!”, with “windows\winpof.exe” from drive C attached.
The [email protected] program may exploit security flaws on the computer. In particular, it may disable antivirus and firewall applications. It hides its own processes, files and registry changes using a kernel-mode rootkit. It may also install backdoor applications on the infected computer. These backdoor applications may be used by other worm programs to gain entry to the computer system.
The program drops additional files onto the user's computer. The [email protected] application is often utilized by other malware programs to retrieve components from online sources. These components may include rootkit tools and data mining applications. The files dropped by the program are utilized by malware applications such as Remote Access Tools (RATs), keyloggers, monitoring software, adware programs and worms. The [email protected] program uses a backdoor application to communicate with remote servers on the Internet.
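
A mail-filter check for the message described above, added here as an example (it is not part of the original write-up or of any vendor's tool): it parses a raw message and reports which of the three indicators the page gives, the subject, the body text and the winpof.exe attachment name, are present. The function names, the quarantine/review policy and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the description above; compared case-insensitively.
SUBJECT = "wow! it should be seen!"
BODY = "hi dead friend. press the attached file!"
ATTACHMENT = "winpof.exe"

def serab_indicators(raw_message):
    """Return the sorted list of indicators found in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = set()
    # Collapse whitespace so folded headers and wrapped bodies still match.
    if " ".join(str(msg.get("Subject", "")).split()).lower() == SUBJECT:
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Keep only the base name in case the sender included a path.
        name = (part.get_filename() or "").replace("\\", "/").rsplit("/", 1)[-1]
        if name.lower() == ATTACHMENT:
            hits.add("attachment")
        elif part.get_content_type() == "text/plain" and not part.is_attachment():
            if BODY in " ".join(part.get_content().split()).lower():
                hits.add("body")
    return sorted(hits)

def verdict(raw_message):
    """Assumed policy: attachment name plus one text indicator => quarantine."""
    hits = serab_indicators(raw_message)
    if "attachment" in hits and len(hits) >= 2:
        return "quarantine"
    return "review" if hits else "pass"

def build_sample(subject, body, attachment_name=None):
    """Build a constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", "bob@example.com", subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"constructed placeholder, not an executable",
                         maintype="application", subtype="octet-stream",
                         filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    worm_like = build_sample("Wow! It Should be seen!",
                             "Hi dead friend. Press the attached file!", "Winpof.exe")
    print(serab_indicators(worm_like), verdict(worm_like))
```

A single indicator on its own is only flagged for review, since a subject line or file name alone is easy to hit by coincidence.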