[email protected]

Aliases: Email-Worm.Win32.Scorpion, I-Worm.Scorpion, W32/Scorpio, Win32.HLLW.Scorpo, W32/Scorpio-A
Variants: WORM_SCORPION.A , Worm/Scorpion , Win32:Scorpion , I-Worm/Scorpion , [email protected]

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 30 Aug 2001
Damage: Low

Characteristics: The [email protected] program is a mass-mailing worm made to steal confidential information, and deletes all system files from the infected computer. It spreads by sending itself to addresses found in the Windows Address Book.

More details about [email protected]

The [email protected] is intentionally programmed to steal information from the infected computer. It is written for a Windows operating system, multiplies and spreads its copies in local computer network via security holes on vulnerable machines connected to the network. To do this, it connects to a SMTP server which is obtained from the default settings of the system. The worm sends emails immediately upon the first startup, then in time intervals. The [email protected] also consumes large amount of system resources that may cause the slow and unresponsive performance of the device, resulting to an unreliable system, and in worst cases, destroys the system. This is because this worm installs itself into the system as a hidden application. The [email protected] worm is written in Delphi language having about 370kb in size.

When the [email protected] worm is executed, it copies itself as an executable file. It then attempts to delete Windows files having system and system information file extension. It also creates a registry entry on the infected computer’s registry key to launch the worm every time Windows would start. The [email protected] worm collects email address from Windows Address Book. It then sends itself to the collected email addresses having characteristics of an Italian email. Its subject and message body is completely written in Italian language. The email also has an executable file attachment. The [email protected] worm is made to attack and affect Windows systems.