Overview
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
|
Minimum DAT
4248 (2003-02-19) Updated DAT4248 (2003-02-19) |
Minimum Engine
5.1.00 File Length114,688 |
Description Added
2003-02-13 Description Modified2003-02-13 |
Malware Proliferation
Characteristics
This is a mass-mailing worm. When run, it gathers contact addresses from the Windows Address Book and send email to any address found. It uses its own SMTP engine to send mail. The email has following characteristics:
Subject (and Body): One of the following
- Gift for you
- Urgent NEWs
- EBAY Update
- Antivirus Update
- Urgent Windows UPDATE
- Hi, look this attachment
- Hello, please wisit this nice site
From: (random letters)@delfi.lt The worm copies itself to c:\windows\system directory. The file name consists of several randomly generated letters with .exe extension. It creates corresponding registry key in order to load itself at Windows start up:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run "(random name)" = "(random name).exe"
Symptoms
Method of Infection
The worm sends itself to any user found in the Windows Address Book contact list.
Removal
All Users:
Use specified engine and DAT files for detection and removal.
Variants