[email protected]

Aliases: W32/Acid-F
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 20 Mar 2007
Damage: Low

Characteristics: The [email protected] program is a worm that spreads by copying itself as an executable file with a file size of 49,152 bytes. Once executed, it attaches itself to emails and sends them to the addresses found in the infected computer’s Windows Address Book.

More details about [email protected]

The [email protected] program is a worm created mainly to affect the Windows operating system. It copies itself as an executable file and creates a text file that is a base64-encoded version of the worm. The [email protected] worm is also capable of creating a registry entry that runs every time Windows is started. It then collects email addresses from the infected device’s address book and, using its own SMTP engine, sends the gathered addresses emails that contain an executable file and a blank message body.

Once the [email protected] worm has infected a computer, it immediately propagates by sending a copy of itself to the email addresses found in the Windows Address Book. It arrives as a forwarded message from someone named Feng Suzhong, with the subject “Love cannot be forgotten,” and an attached executable file called “LoveMe.exe”, which activates immediately once the email is previewed in the window pane. The [email protected] worm spreads easily, but removing it from the system is also easy.
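As an added example (not part of the original write-up), a mail-gateway style check that matches a message against the indicators described above: the subject line, the attachment name, the 49,152-byte attachment size and the blank body. The function names, the sample messages and the rule in `is_suspect` are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the description above.
IOC_SUBJECT = "love cannot be forgotten"
IOC_ATTACHMENT = "loveme.exe"
IOC_SIZE = 49152  # bytes

def check_message(raw: bytes) -> dict:
    """Return which of the described indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = {"subject": IOC_SUBJECT in str(msg["Subject"] or "").lower(),
            "attachment_name": False, "attachment_size": False, "blank_body": True}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name == IOC_ATTACHMENT:
            hits["attachment_name"] = True
            # Compare the decoded size, not the base64 transfer size.
            hits["attachment_size"] = len(part.get_payload(decode=True) or b"") == IOC_SIZE
        elif not name and part.get_content_maintype() == "text":
            if part.get_content().strip():
                hits["blank_body"] = False
    return hits

def is_suspect(hits: dict) -> bool:
    # Assumed policy: the attachment name plus one corroborating indicator.
    return hits["attachment_name"] and (hits["subject"] or hits["attachment_size"])

def build_sample(subject: str, body: str, filename: str, size: int) -> bytes:
    """Construct a test message; the attachment is filler bytes, not a real sample."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content(body)
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    # Constructed samples: one matching every indicator, one unrelated message.
    for args in [("Fw: Love cannot be forgotten", "\n", "LoveMe.exe", 49152),
                 ("Quarterly report", "See attached.", "report.pdf", 1000)]:
        hits = check_message(build_sample(*args))
        print(args[0], hits, "SUSPECT" if is_suspect(hits) else "ok")
```

The attachment name and subject are trivially changed by a variant, so a check like this is a triage aid for this specific sample rather than a general executable-attachment policy.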