WORM_MIMAIL.A
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Mimail.a (Kaspersky), W32/Mimail@MM (McAfee), W32.Mimail.A@mm (Symantec)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, NT, 2000, ME, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This memory-resident worm propagates via email using its own Simple Mail Transfer Protocol (SMTP) engine. It arrives as an email attachment, which is a ZIP file containing an HTML file and a UPX-compressed Win32 EXE file.

The email message that it sends out has the following details:

From: admin@%n%
Subject: your account %n%
Message Body:
Hello there,
I would like to inform you about important information regarding your
email address. This email address will be expiring.
Please read attachment for details.

Best regards, Administrator
%n%
Attachment: "message.zip"

(Note: %n% is a variable string.)
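
As an added example (not Trend Micro's code), the message details above can be turned into a mail-filter check that scores each inbound message against the template. The trait names, the three-trait threshold, the build_sample helper and the example.org sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Traits from the message details in the description; %n% varies per message.
SUBJECT_RE = re.compile(r"^your account\s+\S+", re.IGNORECASE)
BODY_MARKERS = ("This email address will be expiring", "Please read attachment for details")

def mimail_a_traits(raw_bytes):
    """Return the set of template traits found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    traits = set()
    addresses = getattr(msg.get("From"), "addresses", ())
    if any(a.username.lower() == "admin" for a in addresses):
        traits.add("from-admin")
    if SUBJECT_RE.match(str(msg.get("Subject", "")).strip()):
        traits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == "message.zip":
            traits.add("attachment")
        elif name is None and part.get_content_type() == "text/plain":
            text = " ".join(part.get_content().split())  # undo line wrapping
            if all(marker in text for marker in BODY_MARKERS):
                traits.add("body")
    return traits

def is_probable_mimail_a(raw_bytes):
    # Assumed policy: the ZIP must be present plus two other template traits.
    traits = mimail_a_traits(raw_bytes)
    return "attachment" in traits and len(traits) >= 3

def build_sample(subject, body, with_zip):
    """Constructed test message; the ZIP payload is an inert placeholder."""
    msg = EmailMessage()
    msg["From"] = "admin@example.org"
    msg["Subject"] = subject
    msg.set_content(body)
    if with_zip:
        msg.add_attachment(b"placeholder, not a real archive", maintype="application",
                           subtype="zip", filename="message.zip")
    return msg.as_bytes()

TEMPLATE_BODY = ("Hello there,\nI would like to inform you about important "
                 "information regarding your\nemail address. This email address "
                 "will be expiring.\nPlease read attachment for details.\n")
SUSPECT = build_sample("your account example.org", TEMPLATE_BODY, True)
BENIGN = build_sample("your account example.org", "Password reset done.\n", False)
```

Requiring the attachment plus two other traits keeps a legitimate administrator notice with a similar subject (the BENIGN sample) from being flagged on sender and subject alone.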

This malware exploits vulnerabilities that affect Internet Explorer and Microsoft Outlook Express, known as the Object Tag code base exploit and the MHTML exploit. These vulnerabilities allow a malicious user to execute any code and script on the infected machine.

The following software is affected:

  • Microsoft Outlook Express 5.5
  • Microsoft Outlook Express 6.0
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 6.0

For more information about these vulnerabilities, visit the Microsoft Web site.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 1, 2003 8:37:24 AM GMT -0800
Description updated: Aug. 1, 2003 8:41:04 AM GMT -0800
