WORM_HITON.A
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Hiton (Kaspersky), W32/Hiton.gen@MM (McAfee), W32.Hiton@mm (Symantec), Worm/Kirre.2 (Avira), W32/Hiton-A (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This memory-resident worm uses its own SMTP (Simple Mail Transfer Protocol) engine to send itself via email to target recipients, which it gathers from an affected machine. The email that it sends out has varying subjects, message bodies, and attachment file names.

It drops the following copies of itself in the Windows and Windows system folders respectively:

  • SVCHOST.EXE
  • MSSVC.DLL

It may overwrite certain files so that all lookups for domains associated with various antivirus companies are redirected to a specific local host.

It creates the following folder in the Windows folder, where it drops several copies of itself:

    {21EC2020-3AEA-1069-A2DD-08002B30309D}

It also creates a text file in the Windows system folder, disguised as either WSICK32.DLL or WSUCK32.DLL, which serves as a repository for the email messages.

This UPX-compressed malware runs on Windows 95, 98, ME, NT, 2000, and XP.
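A triage check for the file artifacts listed above, written as an added example (not Trend Micro's code or detection logic). The function names, the `System32`/`System` folder names, and the use of a missing `MZ` header to spot the text file posing as a DLL are assumptions of this sketch; a hit is a lead for further analysis, not proof of infection.

```python
import os
import tempfile

# File and folder names come from the description above; everything else is assumed.
SYSTEM_DIRS = ("System32", "System")  # NT-family and 9x names for the system folder
DROP_FOLDER = "{21EC2020-3AEA-1069-A2DD-08002B30309D}"
FAKE_DLLS = ("WSICK32.DLL", "WSUCK32.DLL")

def _find(directory, name):
    """Case-insensitive lookup of name in directory; full path or None."""
    if os.path.isdir(directory):
        for entry in os.listdir(directory):
            if entry.lower() == name.lower():
                return os.path.join(directory, entry)
    return None

def _is_pe(path):
    """True if the file starts with the 'MZ' magic of a real executable or DLL."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def triage(windows_dir):
    """Return findings for a Windows folder (live host or mounted disk image)."""
    findings = []
    # On NT-family systems the legitimate svchost.exe sits in System32.
    if _find(windows_dir, "SVCHOST.EXE"):
        findings.append("SVCHOST.EXE in Windows folder")
    drop = _find(windows_dir, DROP_FOLDER)
    if drop and os.path.isdir(drop):
        findings.append("folder " + DROP_FOLDER)
    for sysname in SYSTEM_DIRS:
        sysdir = _find(windows_dir, sysname)
        if not sysdir:
            continue
        if _find(sysdir, "MSSVC.DLL"):
            findings.append("MSSVC.DLL in " + sysname)
        for name in FAKE_DLLS:
            path = _find(sysdir, name)
            # The mail repository is plain text, so it carries no PE header.
            if path and os.path.isfile(path) and not _is_pe(path):
                findings.append(name + " in " + sysname + " is not a PE file")
    return findings

if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed sample tree, not a real infection
    os.makedirs(os.path.join(root, "system32"))
    with open(os.path.join(root, "system32", "WSUCK32.DLL"), "w") as fh:
        fh.write("To: a@example.test\n")
    print(triage(root))
```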


Description created: Mar. 2, 2004 1:00:40 PM GMT -0800
Description updated: Mar. 2, 2004 12:00:00 AM GMT -0800
