[email protected]

Aliases: I-Worm.Zoek.b, I-Worm.Zoek.dll, [email protected], W32/Zoek.worm.d
Variants: I-Worm.Zoek.e, Win32/Zoek.E.Worm, [email protected]

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 04 Sep 2001
Damage: Low

Characteristics: The [email protected] program is a worm that arrives as an email message which holds a link to an executable file. Once the executable file was run, it attaches and sends itself to all the contacts found on the Windows Address Book containing the same message.

More details about [email protected]

The [email protected] worm spreads via mailing itself to recipients extracted from the victim’s computer. It arrives as an email message that contains a link to an executable file, downloadable on a malicious Web site. The system may only be infected if the worm is executed on the victim’s machine. Once the executable file is downloaded and run, the worm mimics a screensaver with a note and a single button while creating a backdoor into the infected computer system. After which, the worm sets a registry key in order to decode the encoded backdoor server, and execute it. It then sends the same message to the collected email addresses. The email addresses collected were listed and found in the Windows Address Book of the infected device.

Once activated, the [email protected] worm creates several configuration and executable files such as “Tcasutaw.exe”, “Accountboy.ini”, “Installboy.ini”, etc. One of the files included is a backdoor component, in which once activated, creates a registry key value. Afterwards, it sends a copy of the email message having an email subject “Maxima Screensaver” and a URL link message body to all contacts found in the Windows address book and Outlook mail archive. The [email protected] self-replicates itself and may consume huge amount of system resources. This may result with a poor system performance, and may cause the device to become noticeably slow, unresponsive and unreliable.