Email-Worm.Win32.Scorpion, I-Worm.Scorpion, W32/Scorpio, Win32.HLLW.Scorpo, W32/Scorpio-A
WORM_SCORPION.A , Worm/Scorpion , Win32:Scorpion , I-Worm/Scorpion ,
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
30 Aug 2001
The [email protected]
program is a mass-mailing worm made to steal confidential information, and deletes all system files from the infected computer. It spreads by sending itself to addresses found in the Windows Address Book.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
The [email protected]
is intentionally programmed to steal information from the infected computer. It is written for a Windows operating system, multiplies and spreads its copies in local computer network via security holes on vulnerable machines connected to the network. To do this, it connects to a SMTP server which is obtained from the default settings of the system. The worm sends emails immediately upon the first startup, then in time intervals. The [email protected]
also consumes large amount of system resources that may cause the slow and unresponsive performance of the device, resulting to an unreliable system, and in worst cases, destroys the system. This is because this worm installs itself into the system as a hidden application. The [email protected]
worm is written in Delphi language having about 370kb in size.
When the [email protected]
worm is executed, it copies itself as an executable file. It then attempts to delete Windows files having system and system information file extension. It also creates a registry entry on the infected computer’s registry key to launch the worm every time Windows would start. The [email protected]
worm collects email address from Windows Address Book. It then sends itself to the collected email addresses having characteristics of an Italian email. Its subject and message body is completely written in Italian language. The email also has an executable file attachment. The [email protected]
worm is made to attack and affect Windows systems.