|
Description:
This worm propagates via email using its own SMTP (Simple Mail Transfer Protocol) engine and stays resident in memory upon execution. It spreads via email by replying to all unread email messages on the target system, with itself as an attachment. It randomly chooses the file name of the email attachment from this list:
- Pics.ZIP.scr
- images.pif
- README.TXT.pif
- New_Napster_Site.DOC.scr
- news_doc.scr
- hamster.ZIP.scr
- YOU_are_FAT!.TXT.pif
- searchURL.scr
- SETUP.pif
- Card.pif
- Me_nude.AVI.pif
- Sorry_about_yesterday.DOC.pif
- s3msong.MP3.pif
- docs.scr
- Humor.TXT.pif
- fun.pif
The email that it sends out retains the subject and message body of the original unread email, while the name of the email sender is the username of the current user.
This worm also logs all keystrokes made on the infected system and steals all cached passwords. In addition, it modifies the registry and the configuration file, WIN.INI to enable its automatic execution every Windows startup.
For additional information about this threat, see:
Solution
Technical Details
Description created: Apr. 12, 2001 9:52:52 AM GMT -0800
Description updated: Oct. 12, 2001 1:37:37 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
