WORM_WURMARK.M
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Eyeveg.h (Kaspersky), W32/Eyeveg.worm.gen (McAfee), W32.Lanieca.A@mm (Symantec), Worm/Eyeveg.H (Avira), W32/Eyeveg-H (Sophos)

In the wild: No

Destructive: No

Language: English

Platform: Windows 98, ME, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

High

Description: 

This mass-mailing worm arrives via email as a zip file attachment. Upon execution, it drops a copy of itself in the Windows system folder using a randomly generated filename.

It also drops a randomly named Dynamic Link Library (.DLL) file, which is a spyware program detected by Trend Micro as TSPY_AGENT.C, in the Windows system folder.

This dropped spyware registers itself as a browser helper object (BHO). It also has keylogging capabilities, and stores logged keystrokes in a dropped .DLL file.

This worm propagates via email using its own Simple Mail Transfer Protocol (SMTP) engine.

The emails it sends contain the following details:

Subject: any of the following:

details
girls
image
love
message
music
news
photo
pic
readme
resume
screensaver
song
video

Attachment: any of the following:

details.zip
girls.zip
image.zip
love.zip
message.zip
music.zip
news.zip
photo.zip
pic.zip
readme.zip
resume.zip
screensaver.zip
song.zip
video.zip

The emails do not contain any text in the message body area.
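
A mail-gateway check for the three traits listed above (subject word, .zip attachment name, empty body), as an added example that is not part of the original Trend Micro entry. The function names and the sample messages are constructed for illustration, and requiring all three traits together is an assumption made to limit false positives.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject words from the entry; each attachment name is a listed "<word>.zip".
LURES = {"details", "girls", "image", "love", "message", "music", "news",
         "photo", "pic", "readme", "resume", "screensaver", "song", "video"}
ATTACHMENTS = {word + ".zip" for word in LURES}


def match_indicators(raw: bytes) -> dict:
    """Report which of the three described traits a raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    # walk() also covers a message whose only part is the attachment itself.
    names = [(part.get_filename() or "").strip().lower() for part in msg.walk()]
    body = msg.get_body(preferencelist=("plain", "html"))
    try:
        text = body.get_content() if body is not None else ""
    except (LookupError, UnicodeError):
        text = "undecodable"  # an undecodable body is still not an empty one
    return {
        "subject": subject in LURES,
        "attachment": any(name in ATTACHMENTS for name in names),
        "empty_body": not text.strip(),
    }


def is_suspect(raw: bytes) -> bool:
    """Assumption: require all three traits together to limit false positives."""
    return all(match_indicators(raw).values())


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test message with a dummy empty-zip payload, not a real sample."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = subject
    if body:
        msg.set_content(body)
    empty_zip = b"PK\x05\x06" + b"\x00" * 18  # end-of-central-directory only
    msg.add_attachment(empty_zip, maintype="application", subtype="zip",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for args in [("photo", "", "photo.zip"), ("photo", "See attached.", "photo.zip")]:
        print(args, match_indicators(build_sample(*args)))
```

The entry does not say that the subject word and the attachment name are paired, so the check treats the two lists independently.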


Description created: May. 23, 2005 11:28:41 PM GMT -0800
Description updated: May. 24, 2005 12:19:05 PM GMT -0800
