Description:
This memory-resident worm arrives as an attachment to mass-mailed email messages. When executed, it copies itself into shared folders of peer-to-peer networks bearing file names of popular applications to entice users into dowloading and executing or installing these files.
It also drops copies of itself in all physical and removable drives of the affected system, further enhancing the effectivity of its propagation routine for users sharing or accessing drives from other machines. Along with it is an AUTORUN.INF file that allows the copy's automatic execution once the removable of physical drive is accessed.
This worm is also capable of attaching itself into emails that contain any of the following details:
It uses its own Simple Mail Transfer Protocol (SMTP) engine to send these emails.
To get a one-glance comprehensive view of the behavior of WORM_SWARLEY.A, refer to the Behavior Diagram shown below.
For its payload, this worm displays the following image to trick the user into thinking that it is a non-malicious file:
It also attempts to connect to certain Web sites possibly to download other malware or an updated copy of itself.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jan. 21, 2009 5:43:28 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
