Malware type: Worm

Aliases: Email-Worm.Win32.Zhelatin.zt (Kaspersky), Mal/TibsPak (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This worm arrives as attachment to email messages spammed by another malware or a malicious user. It may be downloaded from certain remote sites.

It drops copies of itself. It drops files/components.

It creates registry entries to enable its automatic execution at every system startup.

It creates registry key(s)/entry(ies).

It uses its own Simple Mail Transfer Protocol (SMTP) engine to send email messages that contain a link pointing to a remote copy of itself. Below is a sample of the email message it sends out:

It opens ports where it listens for remote commands. This routine effectively compromises the affected system.

It invokes a certain legitimate file to bypass the Windows Firewall. It also attempts to connect to a known malicious Web site.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 4, 2008 1:20:05 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.