Generic.Malware.SFM!prn.DA5CABEB, I-Worm/Brontok.DX, W32/Rontokbro.UF, W32/Worm.IKQ, Win32:[email protected]
Worm.Mail.Brontok.nt, Worm/Brontok.Q.12, Worm:Win32/Brontok.FC, WORM_BRONTOK.Q
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
25 Jan 2007
The [email protected] program is a mass-mailing worm that gathers e-mail addresses from Windows Outlook on the compromised computer. It also propagates to local drives and via removable media devices. It affects Windows platforms such as Windows 95, Windows 98, Windows XP, Windows NT, Windows Me, and Windows 2000.
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
When the worm is executed, it creates files in the user profile: Local Settings\Temp\Reply.exe, Local Settings\Temp\taskmgr.txt, spoolsv.exe and Local Settings\Temp\spoolsv.tme. Next, [email protected] may also create files such as Recycled.exe, Secret\Nice Sex.exe, Autorun.inf, 911 Death\911.exe, VDO\Nice Sex.exe, and Data Fair\Nice Sex.exe on all drives. It also creates, modifies and deletes registry entries. The worm is likely to modify the autorun.inf file in an attempt to run automatically whenever a removable media device is inserted in another computer. Then it sends a copy of itself to the e-mail addresses it gathered. The e-mail has the subject “Reply data folder”, the body “Please Save Attachment File For Detail Data In File (Save Attachment and after that Open the DataFle Scan Virus)” and an attachment named Reply.exe.
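A defender-side sweep for the file names listed above, as an added example that is not part of the original write-up: it checks one user profile and one drive root for those names. The function names are hypothetical, and treating any spoolsv.exe inside a user profile as worth reporting is an assumption.

```python
import os

# Names below are the ones listed in the write-up; comparison is
# case-insensitive because Windows file names are.
PROFILE_FILES = [r"Local Settings\Temp\Reply.exe",
                 r"Local Settings\Temp\taskmgr.txt",
                 r"Local Settings\Temp\spoolsv.tme"]
DRIVE_FILES = ["Recycled.exe", r"Secret\Nice Sex.exe", r"911 Death\911.exe",
               r"VDO\Nice Sex.exe", r"Data Fair\Nice Sex.exe"]

def resolve(root, rel):
    """Return the real path of rel under root (any letter case), or None."""
    cur = root
    for part in rel.split("\\"):
        try:
            names = os.listdir(cur)
        except OSError:          # missing, unreadable, or not a directory
            return None
        match = [n for n in names if n.lower() == part.lower()]
        if not match:
            return None
        cur = os.path.join(cur, match[0])
    return cur if os.path.isfile(cur) else None

def scan_profile(profile):
    """Indicators under one user profile directory."""
    hits = [rel for rel in PROFILE_FILES if resolve(profile, rel)]
    # The write-up gives no sub-folder for spoolsv.exe, so search the whole
    # profile. Assumption: the genuine spooler binary lives under System32,
    # so a copy inside a user profile deserves a look.
    for _dir, _subdirs, files in os.walk(profile):
        if any(f.lower() == "spoolsv.exe" for f in files):
            hits.append("spoolsv.exe")
            break
    return hits

def scan_drive(drive_root):
    """Indicators at the root of one local or removable drive."""
    hits = [rel for rel in DRIVE_FILES if resolve(drive_root, rel)]
    # Autorun.inf exists on clean media too; report it only when a dropped
    # executable sits beside it, which is the combination described above.
    if hits and resolve(drive_root, "Autorun.inf"):
        hits.append("Autorun.inf")
    return hits

def build_sample(base, rel_paths):
    """Create empty files under base: a constructed tree for a dry run."""
    for rel in rel_paths:
        path = os.path.join(base, *rel.split("\\"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return base
```

A hit is a lead for investigation, not proof of infection; the file names alone do not identify the worm's binary.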
The [email protected] software may enter a computer when the user visits websites that have expired security certificates or websites that are embedded with illicit code. The program executes stealthily on the user’s computer. This Trojan application may launch each time the system is rebooted. The program is also capable of spreading threats to other computers. Propagation takes place over shared networks. P2P (peer-to-peer) file-sharing programs may aid in spreading these threats. Many of the files that appear in P2P applications are threats. They take the file names of popular searches and downloads or of legitimate programs to avoid suspicion, and users mistakenly download these files to their computers.