[email protected]

Aliases: [email protected], W32/Porkis-A, I-Worm.Borzella
Variants: Win32.Borzella, WORM_PORKIS.A, Storielle, W32/[email protected]

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: Europe
Removal: Hard
Platform: W32
Discovered: 19 Mar 2002
Damage: Low

Characteristics: [email protected] is a mass-mailing worm that sends itself using its own SMTP engine rather than the victim's mail client. When launched, it copies itself to C:\Windows\Dllr.exe and displays seven messages in Italian.

More details about [email protected]

The worm also opens a backdoor that lets a remote user act as the system's administrator. The remote user sends commands to the worm through IRC (Internet Relay Chat) channels and can download and execute files, delete important files from the affected computer, and launch or join attacks against web servers. The worm can also collect information about the affected computer, including the amount of RAM (Random Access Memory), the user's IP (Internet Protocol) address, the operating system and the installed programs, and can transmit the user's PII (Personally Identifiable Information) to the remote user.
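A host-side triage script for the indicators this entry gives (the dropped copy at C:\Windows\Dllr.exe, outbound SMTP from the worm's own engine rather than the mail client, and the IRC control channel), covering both the Characteristics line and the remote-control description above. This is an added example, not code from the original page or from any antivirus vendor. The connection-log format, the sample log lines, the set of processes allowed to speak SMTP and the IRC port list are assumptions; the entry names no IRC server or port.

```python
"""Triage helper for the indicators listed on this page.
Added example; the log format, SMTP process whitelist and IRC ports are assumptions."""

import ntpath
import re
from typing import Callable, Dict, List, Optional

# Indicator taken from the page: the worm copies itself to this path.
DROPPED_COPY = r"C:\Windows\Dllr.exe"

# Assumption: ports a built-in SMTP engine would connect to.
SMTP_PORTS = {25, 465, 587}
# Assumption: conventional IRC ports; the page does not say which port the worm uses.
IRC_PORTS = {6667, 6668, 6669, 6697}
# Assumption: the only processes expected to speak SMTP from a workstation.
ALLOWED_SMTP_PROCESSES = {"outlook.exe", "thunderbird.exe"}

# Assumed connection-log shape (loosely modelled on a netstat -b style export):
#   <proto> <local_ip>:<local_port> <remote_ip>:<remote_port> <state> <image_path>
LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<rip>[\d.]+):(?P<rport>\d+)\s+(?P<state>\S+)\s+(?P<image>.+?)\s*$"
)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one connection record; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec: Dict[str, object] = m.groupdict()
    rec["lport"] = int(m.group("lport"))
    rec["rport"] = int(m.group("rport"))
    return rec


def classify(conn: Dict[str, object]) -> List[str]:
    """Return the indicator names that one connection record triggers."""
    findings: List[str] = []
    image = str(conn["image"]).lower()
    basename = image.rsplit("\\", 1)[-1]
    rport = int(conn["rport"])
    if image == DROPPED_COPY.lower():
        findings.append("dropped-copy-active")      # the worm's own copy is running
    if rport in SMTP_PORTS and basename not in ALLOWED_SMTP_PROCESSES:
        findings.append("unexpected-smtp-client")   # a built-in SMTP engine, not the mail client
    if rport in IRC_PORTS:
        findings.append("irc-connection")           # the remote-control channel
    return findings


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Run classify() over a log and keep only the records with findings."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        conn = parse_line(line)
        if conn is None:
            continue
        findings = classify(conn)
        if findings:
            hits.append({
                "image": conn["image"],
                "remote": f"{conn['rip']}:{conn['rport']}",
                "findings": findings,
            })
    return hits


def find_dropped_copy(windows_dir: str,
                      exists: Callable[[str], bool] = ntpath.exists) -> Optional[str]:
    """Return the path of the dropped copy if it is present under windows_dir.
    The exists() hook is injectable so the check can be exercised off a Windows host."""
    candidate = ntpath.join(windows_dir, ntpath.basename(DROPPED_COPY))
    return candidate if exists(candidate) else None


# Constructed sample log: not captured from a real infection.
SAMPLE_LOG = [
    r"TCP 192.168.1.10:1043 203.0.113.5:25 ESTABLISHED C:\Windows\Dllr.exe",
    r"TCP 192.168.1.10:1044 198.51.100.7:25 ESTABLISHED C:\Program Files\Microsoft Office\outlook.exe",
    r"TCP 192.168.1.10:1045 203.0.113.9:6667 ESTABLISHED C:\Windows\Dllr.exe",
    r"TCP 192.168.1.10:1046 93.184.216.34:80 ESTABLISHED C:\Program Files\Internet Explorer\iexplore.exe",
    "not a connection line",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

On the constructed log the two Dllr.exe records are flagged (one as an unexpected SMTP client, one as an IRC connection), the Outlook SMTP session is accepted, and the browser traffic is ignored. Any process other than the mail client speaking to port 25 is worth a look on its own, since a mass-mailer with its own SMTP engine never goes through the user's mail client.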

[email protected] may download and install additional applications such as spyware and adware, and may download and run other malicious programs from remote servers on the Internet without the user's knowledge or consent. It may also exploit security flaws on the computer, including flaws in installed applications and in particular in the anti-malware software, leaving the system open to further malware. Other dubious programs can then operate freely on the infected computer without the user's knowledge.