Downloader.Small.5.AE, Trojan-Downloader.Win32.Small.jb, Trojan.Downloader.Wallon.A, TROJ_WALLON.A, W32/DLoader.DDVY
W32/Downldr2.AEIU, W32/Wallon.worm.gen, Win32:StartPage-007 [Trj], Worm:Win32/[email protected]
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
11 May 2004
The [email protected] application is a mass-mailing worm. It sends e-mail messages that contain a link to download the worm from particular URLs. It also collects the e-mail addresses on an infected device. The worm affects Windows 95, Windows 2000, Windows Me, Windows 98, Windows Server 2003, Windows NT, and Windows XP.
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software.
The worm arrives as an e-mail with a hyperlink in the body of the message. The e-mail uses an Internet Explorer vulnerability, exploiting the issues covered by Microsoft Security Bulletin MS04-013 and Microsoft Security Bulletin MS04-004, to show an obfuscated hyperlink. Clicking the link redirects you to a site where you download "wmplayer.exe", the name of your Media Player's executable. The site can attempt to use an Outlook Express vulnerability, mentioned in Microsoft Security Bulletin MS04-013, to download the file and execute it. Since the worm intends to overwrite your Windows Media Player, any attempt to open this program on an infected PC opens a copy of the worm instead.
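Inbound mail can be checked for the kind of disguised download link described above. The following Python is an added example, not code from the original page: the function names, the three heuristics (userinfo placed before the real host, visible host differing from the link target, a target ending in .exe) and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def safe_split(url):
    try:
        return urlsplit(url)
    except ValueError:  # malformed URL: treat as empty instead of crashing
        return urlsplit("")

def suspicious_links(raw_message):
    """Return [(href, [reasons])] for disguised or executable link targets."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        collector = AnchorCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            target, reasons = safe_split(href), []
            shown = safe_split(text if "//" in text else "//" + text).hostname
            if "@" in target.netloc:  # http://shown-host@real-host/ disguise
                reasons.append("userinfo-in-url")
            if "." in text and " " not in text and shown != target.hostname:
                reasons.append("text-host-mismatch")
            if unquote(target.path).lower().endswith(".exe"):
                reasons.append("links-to-exe")
            if reasons:
                findings.append((href, reasons))
    return findings

SAMPLE = ('Content-Type: text/html\n\n<a href="http://www.example.com@dl.example.net'
          '/wmplayer.exe">www.example.com</a>')  # constructed, not a real message
```

Calling `suspicious_links(SAMPLE)` reports the single link with all three reasons; a message whose link text and target agree and whose target is not an executable yields an empty list.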
The [email protected] software can execute a number of commands on the system. These are done without the user’s consent. The program typically runs in the background. It may remove security programs so that it can run without being detected. The user’s data files may be copied or deleted suddenly. The disk drive may be opened and closed unexpectedly. Computer activities may be monitored using a keylogger function. Webcams may be suddenly turned on to capture images. The infected computer can also be used for remote server attacks. These commonly involve sending large amounts of information to crash a web server.