I-Worm.gen, W32/[email protected]
, Win32.Brother, W32/Livecam-A, Win32/[email protected]
WORM_LIVCAM.A, Worm/BigBrother.Pol, Win32:Trojan-gen., I-Worm/Livcam, [email protected]
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
01 Aug 2002
The W32.Siltund.Worm is a mass mailing worm. It looks for email addresses in .htm* files that are in current users personal folder, and sends itself to all address books that it finds.
W32.Siltund.Worm Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Siltund.Worm from your computer.
More details about W32.Siltund.Worm
The W32.Siltund.Worm program is a mass mailing worm. It looks for email addresses in .htm* files that are in current users personal folder, and sends itself to all address books that it finds. When W32.Siltund.Worm opens, it duplicates itself as “C:\%windir%\Temp\000000s.b64” and “C:\%system%\b1g_brother.exe”. The qualities of these 2 files are modified to read only and hidden files. Just take note that “%windir%” is a variable. The W32.Siltund.Worm program looks for the “\Windows” folder (by default, this is C:\Winnt or C:\Windows) and duplicates itself to the “Temp” folder under that particular location. “%system%” is also a variable. The W32.Siltund.Worm program searches for the “\Windows\System” folder (by default, this is C:\Winnt\System32 or C:\Windows\System) and duplicates itself to that specific location. To cause the W32.Siltund.Worm to run when you open your Windows, the worm puts the “run=C:\%System%\b1g_brother.exe” line into the Windows division of the “C:\Windows\Win.ini” file.
The W32.Siltund.Worm program makes the “C:\%windir%\Temp\00000b.rat” files. The .rat file is in e-mail format and has the worm as its attachment. The W32.Siltund.Worm program gets the SMTP server’s info from the registry key. It gets the private folder name of the user from the registry key. The W32.Siltund.Worm program then looks for email addresses in all “.htm” files that are inder the private folder. The worm utilizes its SMTP engine to spread itself to all email addresses that it locates. The email messages have these contents “From: “BIGBROTHER TVN POLSKA" [email protected]
, Subject: BIGBROTHER SHOW!, Message: Teraz mozesz ogladac BIGBROTHER SHOW za pomoca komputera! Jak to zrobic? Wystarczy ze uruchomisz specjalny program, ktory zostal dolaczony do wiadomosci. Ponadto za pomoca tego narzedzia mozesz nominowac wybrane przez ciebie osoby, do opuszczenia domu Wielkiego Brata. Co miesiac rozlosowane beda nagrody (telewizory, wieze stereo, komputery ...i wiele ,wiele innych). Prosimy przysylac opinie i komentarze na temat programu. Zyczymy milej zabawy: Redakcja program”.