|
Description:
This memory-resident WORM_AHKER variant is known to propagate via email. It arrives as an email attachment that when run, drops the file SERVICES.EXE in the Windows folder.
The email it sends out contain the following information:
Subject: Service Pack 2 BUG!!
Message Body:
Dear user I have been informed thate there was a BUG in Windows Service Pack 2 which was fixed I recommend you to download this Patch version which will fixs the bug and keep your system safe.You will find the Patch file in the attachment, feal free to send it to anyone. I'll be in touch with you as soon another bug is found.
Regards,
A.H
Attachment: FIX_SP2.ZIP
The .ZIP attachment is downloaded by the worm from the following Web page:
-
http://geocities.com/vip_asshole/ahkerb.zip
Users are advised not to open files that are attached to email messages that have the above mentioned subject and body text.
It also disables a number of programs bundled with Windows, such as the following:
- regedit.exe (Registry Editor)
- notepad.exe (Notepad)
- wordpad.exe (Wordpad)
- msnmsgr.exe (MSN Messenger)
- write.exe (Wordpad)
- wuauclt.exe (Autoupdate manager for Windows ME)
- wupdmgr.exe
For additional information about this threat, see:
Solution
Technical Details
Description created: Jan. 22, 2005 11:09:15 AM GMT -0800
Description updated: Jan. 23, 2005 9:35:40 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
