WORM_BHARAT.A
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.VB.ct (Kaspersky), W32/Rontokbro.gen@MM (McAfee), Bloodhound.Overpacked (Symantec), TR/Crypt.U.Gen (Avira), Mal/Packer (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Medium

Infection Channel 1: Propagates via email

Infection Channel 2: Propagates via network shares

Infection Channel 3: Propagates via peer-to-peer networks

Infection Channel 4: Propagates via IRC


Description: 

This worm propagates via network shares. It drops a copy of itself in certain shared folders.

It also propagates via email, using the Messaging Application Programming Interface (MAPI) to send its messages. It attaches a copy of itself to the email messages it sends. It gathers target addresses from the Windows Address Book (WAB).

Furthermore, this worm propagates via peer-to-peer (P2P) networks. It drops copies of itself using different file names in certain hardcoded folders related to various P2P programs.

In addition, it propagates via Internet Relay Chat (IRC). It sends a certain message to target recipients, followed by a copy of itself.

It disables various system services. It also restarts the affected system once it detects certain processes running on the system.


Description created: Feb. 27, 2007 3:58:08 AM GMT -0800
