I-Worm.Sponbob, W32/[email protected]
, Win32.HLLM.Generic.33, W32/Alcaul-AC, Win32/[email protected]
WORM_SPONGE.A, W32/Sponge.A.1, W32/[email protected]
, Win32:SpongeBob, I-Worm/Sponge,
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
30 Oct 2002
The [email protected]
application is a mass mailing worm that utilizes Microsoft Outlook to multiply itself to all contacts in the address book of Microsoft Outlook.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
The [email protected]
program is a mass mailing worm that utilizes Microsoft Outlook to spread itself to all contacts in the address book of the Microsoft Outlook. The email has the subject “Spongebob Wallpaper” and attachment “Spongy.exe”. The [email protected]
overwrites .pif and .scr files in all folders apart from the root folder. The worm adds code to the end of .htm files in all folders aside from the root folder. The [email protected]
has a universal component that is utilized to contaminate MS Word files and the global template “Normal.dot”. The worm is detected as “W97M.Sponge”. It is written in the Microsoft VB programming language and compressed making use of UPX.
When the [email protected]
worm runs, it creates 2 hidden subfolders which is “C:\%windir%Kn0x3” and “C:Explore”. Then the worm duplicates itself as “C:\%windir%kn0xace1.com”, “C:ExploreHelp.exe”, “C:Porno.scr”, “C:Jokes.pif”, “C:SpongeBob_Game.exe”, “C:SpongeBob.scr”, and “C:SpongeBob.com”.
The characteristics of the files SpongeBob_Game.exe, Jokes.pif, SpongeBob.com, and SpongeBob.scr and are modified to hidden and read-only. It makes “C:SpongeBob.eml”. This is an e-mail file that contain the worm as it attachment. It changes all .pif and .scr files in all folders apart from the root folder. It adds code to all “.htm” files in all folders apart from the root folder. The code is intended to open the worm from the contaminated files, but it can’t do so since a threat in the code.