Generic.PWS.WoW.95C6C567, Generic3.GPO, TR/PSW.43008
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
05 Mar 2007
The [email protected] program is a mass-mailing worm that infects Windows systems such as Windows 95, Windows 2000, Windows Me, Windows 98, Windows NT, and Windows XP. This worm spreads through e-mail.
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected] from your computer.
Once [email protected] is executed, it creates SetupV9.exe and Srvpl0.dll in the system folder. It creates a registry entry so that the worm runs automatically when Windows starts. The worm is claimed to hook the wow.exe application, which belongs to the program “World of Warcraft”, so that it can steal account information for that program. The worm logs stolen data in the file %System%\KBOutLook.log.
[email protected] collects e-mail addresses from Outlook Express and from the Windows Address Book. These e-mail addresses are also stored in the KBOutLook.log file. The worm sends a copy of itself to the collected addresses using MAPI commands. The e-mail has one of the following subjects: “Hi,I just get some imformation of the Blizzard Entertainment,pls kindly check in the attachment.”, “Chinese test missile obliterates satellite!” or “That souds best for us”. The message body talks about a missile, and the attached file is named SetupV9.zip.
The worm also sets registry entries that affect the behavior of various versions of Outlook Express. [email protected] infects htm, asp, html, jsp and php files by inserting a link to a web site. The data collected from your compromised computer is sent to a particular URL, and the worm creates a file in order to log errors.
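
A mail-filter check for the e-mail indicators described above (the three subjects and the SetupV9.zip attachment), as an added example that is not part of the original page. The function name `match_indicators` and both sample messages are constructed for illustration; only the subject strings and the attachment name come from the description.

```python
from email import message_from_string

# Subjects and attachment name exactly as quoted on the page (typos included).
SUBJECTS = (
    "Hi,I just get some imformation of the Blizzard Entertainment,pls kindly check in the attachment.",
    "Chinese test missile obliterates satellite!",
    "That souds best for us",
)
ATTACHMENT = "SetupV9.zip"

def _norm(text):
    # Collapse whitespace and case so folded or re-spaced headers still match.
    return " ".join(str(text).split()).casefold()

def match_indicators(raw):
    """Parse one raw RFC 822 message and return the indicators it matches."""
    msg = message_from_string(raw)
    hits = []
    if _norm(msg.get("Subject", "")) in {_norm(s) for s in SUBJECTS}:
        hits.append("subject")
    for part in msg.walk():  # walk() also visits nested MIME parts
        name = part.get_filename()
        if name and _norm(name) == _norm(ATTACHMENT):
            hits.append("attachment")
            break
    return hits

# Constructed sample messages (not captured traffic).
SAMPLE_HIT = """\
Subject: Chinese test missile obliterates satellite!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

placeholder body
--XX
Content-Type: application/zip
Content-Disposition: attachment; filename="SetupV9.zip"

--XX--
"""
SAMPLE_CLEAN = "Subject: Lunch on Friday?\n\nSee you at noon.\n"

if __name__ == "__main__":
    for raw in (SAMPLE_HIT, SAMPLE_CLEAN):
        print(match_indicators(raw))
```

A subject match alone is a weak signal because the strings are easy to change; the attachment name combined with a subject hit is the stronger condition to alert on.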