WORM_HOLAR.C
Overview

Malware type: Trojan

Aliases: Email-Worm.Win32.Galil (Kaspersky), W32/Holar.gen (McAfee), W32.Galil@mm (Symantec), Worm/Holar.C.1 (Avira), W32/Holar-C (Sophos)

In the wild: No

Destructive: Yes

Language: English

Platform: Windows 95/98/NT/2000/ME/XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This memory-resident, mass-mailing worm propagates copies of itself via email to all addresses found in the infected system using either its own SMTP (Simple Mail Transfer Protocol) engine or Microsoft Outlook (using MAPI or Messaging Application Programming Interface). It gathers email addresses from HTM and HTML files found in the infected system.

It sends out the following email message:

WORM_HOLAR.C spreads by mass mailing copies of itself to email addresses which it retrieves from HTM and HTML files on the infected machine. It sends email with the following details: Subject FWD: Crazy illegal sex ! Message body: Hii Is it really illegal in da USA? who knows :P If you have a weak heart i warn u DON'T see dis Clip. Emagine two young children havin crazy sex fo da first time togetha ! loooool i'm still wonderin where thier parents were? Good Fuck , oh sorry : > i mean  Good Luck ;) Bye

(Note that the message body contains initial text strings that trick recipients into thinking that the email message was forwarded by a Yahoo user.)

The executable attachment, which may arrive inside a ZIP file, has an icon that is usually associated with ShockWave Flash files.
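
A mail-gateway check for the message traits described above, as an added example (not Trend Micro's code): it flags mail carrying an executable attachment, looking inside ZIP files, and escalates when the subject matches the one quoted here. The extension list, verdict names, sample addresses and file names are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

LURE_SUBJECT = "fwd: crazy illegal sex !"       # subject quoted in this description
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")    # assumption: extensions treated as executable

def _looks_executable(name, head):
    # Match on extension or on the "MZ" magic that starts Windows executables.
    return name.lower().endswith(EXEC_EXTS) or head[:2] == b"MZ"

def executable_names(part):
    """List executable payloads in one attachment, including members of a ZIP."""
    name = part.get_filename() or ""
    data = part.get_payload(decode=True) or b""
    hits = [name] if _looks_executable(name, data) else []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                head = b""
                if not info.flag_bits & 0x1:     # encrypted members: judge by name only
                    with zf.open(info) as fh:
                        head = fh.read(2)        # read the magic only, not the whole member
                if _looks_executable(info.filename, head):
                    hits.append(f"{name}!{info.filename}")
    return hits

def scan(raw):
    """Return (verdict, executable attachment names) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    found = [n for part in msg.iter_attachments() for n in executable_names(part)]
    if found and subject == LURE_SUBJECT:
        return "quarantine", found
    return ("review" if found else "pass"), found

def build_sample(subject, member_name, member_bytes):
    """Constructed test message: one ZIP attachment holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_bytes)
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"], msg["To"] = "a@example.com", "b@example.com"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="clip.zip")
    return msg.as_bytes()
```

The magic-byte test catches an executable whose name or icon suggests another file type, which matters here because the attachment is disguised with a ShockWave Flash icon.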

Approximately 15 minutes after this worm executes, it overwrites all files in all folders of writable drives with the following text strings:

1-No PeaCe WithOut WaR _ >> TT TT >>> 11>>>OoO>>9\Om >> TiiT >>> YX >>OOo>>11\Om >> OXBYL -> Haw >> ()()9.9.12MP _1s00x05y988z877c7y7756477v77x7777g8oro885t55oro312852oro14P,u 2- Made By ZaCker

It is written in Visual Basic, a high-level programming language, and is compressed using the UPX compression utility.


Description created: Dec. 5, 2002 9:51:28 AM GMT -0800
Description updated: Dec. 5, 2002 10:12:12 AM GMT -0800
