WORM_KLEXE.A
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Klexe (Kaspersky), W32/Klexe@MM (McAfee), W32.Klexe.Worm (Symantec), Worm/Klexe (Avira), W32/Klexe-A (Sophos)

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This mass-mailing worm propagates via email. It uses Microsoft Outlook to send out a link to its file to all recipients found in the Microsoft Outlook address book.

It sends email with the following details:

Subject: Re:

Message body:
You received this email because you where sent a 'pass this on e-messenger card' through one of our valued partners. If you believe you received this message in error or would no longer like to receive e-mail from us click here
http://www.geocities.com/ecard<blocked>senger/us.htm

To download your card click on the link below:

http://www.geocities.com/ecard<blocked>senger/ecmsetup1.zip

P.S. If you received this message but do not know the sender or wish to unsubscribe or if you have any questions, please mail to services@emmsconline.com

The worm email has no attachment. Instead, it contains a link that points to a zipped copy of this worm (ECMSETUP1.EXE).

The zip file contains the main worm and a keylogger component, which logs user keystrokes and sends them to a specific email address.
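The email traits listed above can be turned into a mail-filter heuristic. The following is an added example, not Trend Micro's detection logic: the function names, the three-indicator threshold and the sample messages are assumptions, and the `example.invalid` hosts are placeholders because the real URL is redacted on this page.

```python
import re
from email import message_from_string

# Fixed strings quoted in the description above.
SUBJECT = "Re:"
BODY_MARKER = "pass this on e-messenger card"
CONTACT_MARKER = "services@emmsconline.com"
# Any link to a .zip file; no host is hard-coded (redacted on the page).
ZIP_LINK = re.compile(r"https?://[^\s<>\"']+\.zip\b", re.IGNORECASE)

# Constructed sample messages for demonstration only.
SAMPLE_WORM = (
    "From: friend@example.invalid\nTo: user@example.invalid\nSubject: Re:\n\n"
    "You received this email because you where sent a 'pass this on "
    "e-messenger card' through one of our valued partners.\n"
    "To download your card click on the link below:\n"
    "http://example.invalid/ecmsetup1.zip\n"
    "P.S. If you have any questions, please mail to services@emmsconline.com\n"
)
SAMPLE_BENIGN = (
    "From: colleague@example.invalid\nSubject: Re: lunch\n\nSee you at noon.\n"
)

def body_and_attachments(msg):
    """Return (lower-cased text of non-attachment text parts, attachment count)."""
    texts, attachments = [], 0
    for part in msg.walk():
        if part.get_filename():
            attachments += 1
        elif part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            texts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(texts).lower(), attachments

def klexe_indicators(raw_message):
    """List which of the described traits a raw RFC 822 message shows."""
    msg = message_from_string(raw_message)
    text, attachments = body_and_attachments(msg)
    hits = []
    if (msg.get("Subject") or "").strip() == SUBJECT:
        hits.append("subject")
    if BODY_MARKER in text:
        hits.append("body-phrase")
    if CONTACT_MARKER in text:
        hits.append("contact-address")
    # The worm mail carries no attachment, only a link to a zipped executable.
    if attachments == 0 and ZIP_LINK.search(text):
        hits.append("zip-link-no-attachment")
    return hits

def is_suspect(raw_message, threshold=3):
    """Flag a message when at least `threshold` traits match (assumed cut-off)."""
    return len(klexe_indicators(raw_message)) >= threshold
```

A bare "Re:" subject or a zip link alone is common in legitimate mail, which is why the check requires several traits together before flagging.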

This worm displays the following message box after sending email:

The specified file refers to a location that is unavailable. It could be on a hard drive on this computer, on a network, or on a different computer on your home network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or home network, and then try again. If it still cannot be located, the information might have been moved to a different location.

The worm is written in Visual Basic and requires the ActiveX control file MSWINSCK.OCX. It runs on Windows 95, 98, ME, NT, 2000, and XP, as long as the control file is present.


Description created: Jul. 1, 2003 11:45:58 PM GMT -0800
Description updated: Jul. 2, 2003 5:17:56 AM GMT -0800
