WORM_SWEN.A
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Swen (Kaspersky), W32/Swen@MM (McAfee), W32/Gibe-F (Sophos), Worm:Win32/Swen.A@mm (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This mass-mailing worm poses as a legitimate email from Microsoft Windows Update. The following are samples of email messages that the worm sends out:

Email 1:

From: ms inet mail storage service [webdaemon@freemail.com]
To: network receiver
Subject: <none>
Message Body:
Hi.

Undeliverable message to <user>@freemail.com
Attachment: <random name>.exe

Email 2:

From: MS Program Security Section

Each randomly named attachment has one of the following file extensions:

  • COM
  • SCR
  • BAT
  • PIF
  • EXE

The worm also attempts to propagate via peer-to-peer (P2P) file-sharing networks, such as Kazaa. It can also propagate via IRC and via newsgroups.

It terminates running antivirus and firewall software.

This worm exploits an old Microsoft Internet Explorer vulnerability addressed in Microsoft Security Bulletin MS01-020, entitled "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment." Some of the email messages it sends contain an exploit for this vulnerability, which causes the attachment to execute automatically whenever the message is viewed or previewed in Microsoft Outlook or Outlook Express.
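An added example, not part of the original description or of any Trend Micro tooling: a mail-gateway style check that flags attachments carrying the extensions listed above and, as an assumed heuristic for an incorrect MIME header, a declared non-application media type on such a file. The sample messages, file names and `example.invalid` addresses are constructed.

```python
import email
from email import policy

# Extensions the description lists for the worm's randomly named attachments.
RISKY_EXTENSIONS = {"com", "scr", "bat", "pif", "exe"}

def scan_message(raw_bytes):
    """Return (filename, reason) findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename or "." not in filename:
            continue
        ext = filename.rsplit(".", 1)[1].strip().lower()
        if ext not in RISKY_EXTENSIONS:
            continue
        findings.append((filename, "executable extension"))
        # Assumption (not from the page): a declared media type outside
        # application/* on an executable-named part counts as a mismatch.
        if part.get_content_maintype() != "application":
            findings.append((filename, "declared type " + part.get_content_type()
                             + " does not match extension"))
    return findings

def build_sample(content_type, filename):
    """Constructed test message; the attachment body is base64 of b'test'."""
    return (
        "From: sender@example.invalid\r\n"
        "To: receiver@example.invalid\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n'
        "\r\n"
        "--b1\r\n"
        "Content-Type: text/plain\r\n"
        "\r\n"
        "Hi.\r\n"
        "--b1\r\n"
        f'Content-Type: {content_type}; name="{filename}"\r\n'
        "Content-Transfer-Encoding: base64\r\n"
        f'Content-Disposition: attachment; filename="{filename}"\r\n'
        "\r\n"
        "dGVzdA==\r\n"
        "--b1--\r\n"
    ).encode("ascii")

if __name__ == "__main__":
    for ctype, name in [("application/octet-stream", "qwerty.scr"),
                        ("image/gif", "update.exe"),
                        ("application/pdf", "report.pdf")]:
        print(name, scan_message(build_sample(ctype, name)))
```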

This malware is written and compiled in Microsoft Visual C++, a high-level programming language. It runs on Windows 95, 98, ME, NT, 2000, and XP.

Please refer to the Technical Details section for more information about this worm.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 18, 2003 6:05:14 AM GMT -0800
Description updated: May. 15, 2004 8:42:48 PM GMT -0800
