[email protected]

Aliases: Constructor.Win32.Caznova.11, W32/[email protected], WIN.SCRIPT.WORM.Virus, Virtool:Win32/Caznova.B,
Variants: TROJ_VBWORM.A, Worm.Godog, Constructor/Caznova, NewHeur_PE,

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 20 Mar 2003
Damage: Low

Characteristics: The [email protected] application is a worm that utilizes Microsoft Outlook to multiply itself.

More details about [email protected]

The [email protected] program is a worm that utilizes MS Outlook to multiply itself. The email appears w/ the following characteristics: “Subject: ."REMEMBER THE TIMES !!!?”, and “Attachment: Popey.scr”. When the [email protected] worm is opened, it may show fake error messages that have a title "Popeye ScreenMates” and "POPEYE SCREEN SAVER". The worm is made in Microsoft VB or Visual Basic. Take note that virus definitions that are not updated may detect this worm as “Bloodhound.W32.VBWORM”. If the [email protected] is opened, it duplicates itself as “C:\Popeye.scr”. The worm change the following values: “RegisteredOrganization JAPON” and “RegisteredOwner POPEYE” in the registry key. [email protected] spreads email making use of MS Outlook. The email is arranged as “Subject: .""REMEMBER THE TIMES !!!?”, “Message: AWESOME !!! 3-D ScreenSaver For Windows 9x/Nt/Xp. Send It To Your Friends !!!”, and “Attachment: Popey.scr”. Then the worm shows the fake error message.

The [email protected] worm uses SMTP to propagate the computer worm to other computers. The [email protected] worm application collects the contact list saved in the computer and sends e-mails to the addresses. The spam e-mails are sent with the use of the SMTP engine. The infected computer’s name will serve as the name of the sender of these e-mails. This may trick the recipient into opening the e-mail. The computer worm automatically install when the e-mails are opened.