WORM_CULT.A
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Cult.a (Kaspersky), W32/Cult.worm.gen (McAfee), W32.HLLW.Cult@mm (Symantec), Worm/Cult (Avira), W32/Cult-A (Sophos)

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: Yes

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This memory-resident worm propagates via the Kazaa peer-to-peer file-sharing network. It also emails copies of itself to addresses with the following domains:

  • email.com
  • Earthlink.net
  • Roadrunner.com
  • yahoo.com
  • msn.com
  • hotmail.com

It sends email with the following format:

Subject: Hi, I sent you an eCard from BlueMountain.com
Message Body: To view your eCard, open the attachment
If you have any comments or questions, please visit
http://www.bluemountain.com/customer/index.pd
Thanks for using Bluemountain.com.
Attachment: BlueMountaineCard.pif

It spoofs the From field of its email messages, randomly selecting from a list of 94 strings in its body.
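The message format above can be turned into a mail-gateway check. The following is an added example, not Trend Micro code: it parses a raw message and reports which of the described indicators are present, ignoring the From header because the worm spoofs it. The function names, indicator labels and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the message format described above. The From header
# is deliberately ignored: the worm spoofs it, so it carries no signal.
SUBJECT = "hi, i sent you an ecard from bluemountain.com"
ATTACHMENT = "bluemountainecard.pif"
BODY_MARKER = "to view your ecard, open the attachment"

def _norm(text):
    """Collapse whitespace and case so header folding cannot hide a match."""
    return " ".join(text.split()).casefold()

def score_message(raw):
    """Return the WORM_CULT.A mail indicators found in one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if _norm(str(msg.get("Subject", ""))) == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        name = _norm(part.get_filename() or "")
        if name == ATTACHMENT:
            hits.append("attachment-name")
        elif name.endswith(".pif"):
            hits.append("pif-attachment")  # any other .pif attachment
        elif part.get_content_type() == "text/plain":
            if BODY_MARKER in _norm(part.get_content()):
                hits.append("body")
    return hits

def build_sample(subject, body, filename=None):
    """Build a constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    worm_like = build_sample("Hi, I sent you an eCard from BlueMountain.com",
                             "To view your eCard, open the attachment",
                             "BlueMountaineCard.pif")
    print(score_message(worm_like))
    print(score_message(build_sample("Lunch?", "See you at noon")))
```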

This worm, which runs on Windows 95, 98, ME, NT, 2000, and XP, drops a backdoor component detected by Trend Micro antivirus as BKDR_CULT.A.


Description created: Mar. 23, 2003 4:07:01 PM GMT -0800
Description updated: Mar. 23, 2003 4:07:04 PM GMT -0800
