BackDoor.Generic7.BIO, Backdoor.Win32.Bifrose.afz, BDS/Bifrose.afz, Trojan-Downloader.Win32.Small.eqp
W32/Bifrose.NMX, W32/Malware!ab6b, [email protected]
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
The [email protected] program is detected as a worm that self-replicates recursively. The worm spreads to other systems, which then propagate [email protected] further. This mass-mailing worm is claimed to drop a remote access trojan and sends itself to e-mail addresses found on the local system. Currently, this worm is not capable of sending itself to others because the hard-coded mail server it uses has been turned off.
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected] from your computer.
The malware has 2 parts: the host program and the worm component. Both parts are UPX-compressed Delphi programs. The host program could be spread via IRC channels. It is a program that shows malicious images. Once it is run, it duplicates itself as MSsecu.exe in the Windows and displays the images. It then drops the worm component as WinSystem.exe to run the worm every time Windows starts. The worm is claimed to search all .html, .htm, .asp, .php, and Readme.txt files on your system for e-mail addresses to use for duplication. The recovered e-mail addresses are saved in your windows. [email protected] replicates using its own SMTP engine, sending e-mail to the addresses that it formerly recovered. The e-mail message has WARNING : Black_Piranha as its subject and MSsecu.exe as an attachment.
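A mail-gateway style check for the two e-mail indicators named above (the subject line and the MSsecu.exe attachment), shown as an added example that is not part of the original page. The function names and sample addresses are assumptions, and the sample message is constructed with a placeholder payload.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators taken from the description above, stored lower-cased.
SUBJECT_IOC = "warning : black_piranha"
ATTACHMENT_IOCS = {"mssecu.exe"}


def _norm(text):
    """Lower-case and collapse whitespace so spacing or case changes still match."""
    return re.sub(r"\s+", " ", text or "").strip().lower()


def check_message(raw_bytes):
    """Return the indicators matched by one raw e-mail message (hypothetical helper)."""
    # policy.default decodes RFC 2047 encoded-words in headers and filenames.
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if SUBJECT_IOC in _norm(msg["Subject"]):
        hits.append("subject")
    # walk() visits nested multipart containers, so forwarded copies are covered.
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Strip any path a sender put in front of the file name.
        base = _norm(name.replace("\\", "/").rsplit("/", 1)[-1])
        if base in ATTACHMENT_IOCS:
            hits.append("attachment:" + base)
    return hits


def build_sample(subject, filename=None):
    """Constructed test message; the attachment body is a harmless placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("body")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(check_message(build_sample("WARNING : Black_Piranha", "MSsecu.exe")))
```

A message that matches only one of the two indicators is still worth quarantining for review, since the subject or file name may differ between variants.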
The [email protected] program is disguised as a clean file. Users are often tricked into thinking it is a system tool or an entertaining presentation. It may be received in an e-mail or instant message from an unknown person. It may be an attached file or embedded link to an infected server. It is possibly downloaded from websites, forums, or peer-to-peer (P2P) file sharing programs. Drive-by-downloads and downloader applications can also cause the infection.