|
Description:
This non-resident worm is a dropped component of the file infector PE_MTX.A.
This worm hooks Windows socket functions, allowing it to propagate via email and prevent users from visiting certain Internet sites.
To propagate via email message, it monitors email activity on the infected machine. It sends a corresponding message to the same recipient for every message that is sent through the infected machine. It sends email with no subject or message body, but with a copy of itself as attachment. The attachment can have any of the following file names:
- README.TXT.pif
- I_wanna_see_YOU.TXT.pif
- MATRiX_Screen_Saver.SCR
- LOVE_LETTER_FOR_YOU.TXT.pif
- NEW_playboy_Screen_saver.SCR BILL_GATES_PIECE.JPG.pif
- TIAZINHA.JPG.pif
- FEITICEIRA_NUA.JPG.pif
- Geocities_Free_sites.TXT.pif
- NEW_NAPSTER_site.TXT.pif
- METALLICA_SONG.MP3.pif
- ANTI_CIH.EXE
- INTERNET_SECURITY_FORUM.DOC.pif
- ALANIS_Screen_Saver.SCR READER_DIGEST_LETTER.TXT.pif
- WIN_$100_NOW.DOC.pif
- IS_LINUX_GOOD_ENOUGH!.TXT.pif
- QI_TEST.EXE
- AVP_Updates.EXE
- SEICHO-NO-IE.EXE
- YOU_are_FAT!.TXT.pif
- FREE_xxx_sites.TXT.pif
- I_am_sorry.DOC.pif
- Me_nude.AVI.pif
- Sorry_about_yesterday.DOC.pif Protect_your_credit.HTML.pif
- JIMI_HMNDRIX.MP3.pif HANSON.SCR
- FUCKING_WITH_DOGS.SCR
- MATRiX_2_is_OUT.SCR zipped_files.EXE BLINK_182.MP3.pif
The file attachment is a copy of this worm that is infected with its dropper, the PE file infector PE_MTX.A.
This worm runs on Windows 95, 98, NT, ME, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Nov. 21, 2001 4:50:14 AM GMT -0800
Description updated: Apr. 9, 2003 6:12:22 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
