WORM_FUNNER.A
Overview

Malware type: Trojan

Aliases: IM-Worm.Win32.Funner (Kaspersky), W32.Funner (Symantec), Worm/MSN.Funner.2 (Avira), W32/Funner-A (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This worm propagates by using Simplified Chinese versions of MSN and QQ, or by sending a copy of itself to all contacts found in the MSN Messenger application.

It has a routine that activates every 0.5 seconds and carries out most of its activities:

  • Check the files KILLME.CMD and STOP.CMD
  • Modify the HOSTS file
  • Propagate through instant messengers (IMs)

It also locates window control titles with the following characteristics:

  • First line can be translated to “Send Picture”
  • Second line can be translated to “Send File to Friend”

It constructs a message written in Simplified Chinese. The text is meant to trick the user into clicking a particular URL, which is owned by the worm's author.

It also overwrites the HOSTS file with lines that prevent access to specific Web sites.

This Aspack-compressed worm runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 10, 2004 7:21:35 AM GMT -0800
