Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This memory-resident worm propagates by attaching copies of itself to email messages, which it sends to target IP addresses using its own Simple Mail Transfer Protocol (SMTP) engine. With this built-in engine, it can send email messages without relying on other mailing applications, such as Microsoft Outlook.
It arrives on a system as an attachment to a spammed email message. The email message contains a password-protected .ZIP file, which holds a copy of this worm as well as a binary file with a DLL extension.
[Screenshot of a sample email message]

Upon execution, it drops several files into specified locations, including a file detected by Trend Micro as TROJ_ROOTSERV.A. As a result, the routines of this Trojan, which include hiding this worm's process, are exhibited on the affected machine.
It may also download possibly malicious files from several URLs, which further exposes the machine to other attacks.
In addition, it terminates several processes to prevent easy detection and removal.
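The arrival vector described above, a password-protected .ZIP carrying a DLL, can be screened at a mail gateway without the password, because traditional ZIP encryption leaves entry names and flags readable. The following is an added example, not part of the original description; the entry names, the quarantine policy and the sample archives are constructed assumptions, and it assumes the archive's central directory is not itself encrypted.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry data is encrypted


def inspect_attachment(data: bytes) -> dict:
    """Read entry metadata from a ZIP attachment; no password is needed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = zf.infolist()
    encrypted = [e.filename for e in entries if e.flag_bits & ENCRYPTED]
    dlls = [e.filename for e in entries if e.filename.lower().endswith(".dll")]
    # Assumed gateway policy: hold encrypted archives that carry a DLL.
    return {"encrypted": encrypted, "dll_entries": dlls,
            "quarantine": bool(encrypted) and bool(dlls)}


def build_sample(names, encrypted: bool) -> bytes:
    """Constructed archive with harmless placeholder content for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            info = zipfile.ZipInfo(name, date_time=(2006, 12, 2, 0, 0, 0))
            zf.writestr(info, b"placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted entries, so mark them by setting
        # flag bit 0 in each local header (+6) and central header (+8).
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig)
            while pos != -1:
                (flags,) = struct.unpack_from("<H", raw, pos + off)
                struct.pack_into("<H", raw, pos + off, flags | ENCRYPTED)
                pos = raw.find(sig, pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    names = ["document.bin", "library.dll"]  # hypothetical entry names
    print(inspect_attachment(build_sample(names, encrypted=True)))
    print(inspect_attachment(build_sample(names, encrypted=False)))
```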
Description created: Dec. 2, 2006 4:57:28 AM GMT -0800