|
Description:
Like earlier NETSKY variants, this worm mainly propagates via email. Using its own SMTP (Simple Mail Transfer Protocol) engine, it sends out email with varying subjects, message bodies and attachment names that are mostly written in Brazilian Portugese. The email attachment usually arrives in a ZIP archive but may also have BAT, COM, DOC, and PIF extensions.
This worm gathers target email addresses from certain files found in the system, virtually using the affected system as propagation launch pad.
For its email message, the worm takes out from a long list of subjects, message bodies and attachment file names. Some examples are listed below:
Subjects
- 0123456789
- Abra rapido isso!!!!
- acrdito que em voce!!!
- algo a mais
- AmaVoce
Message bodies
- 0123456789
- Abra rapido isso!!!!
- acrdito que em voce!!!
- agradou
- agua!
Attachment file names
- agradou
- agua!
- AIDS!
- banco!
- bingos!
(Note: For complete details about the email message that this worm sends out, please click here.)
It also drops copies of itself in network shares and peer-to-peer shared folders.
This worm runs on Windows 95, 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Oct. 13, 2004 11:26:51 AM GMT -0800
Description updated: Mar. 3, 2005 9:00:04 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
