Malware type: Worm

Aliases: Email-Worm.Win32.Xipi.a (Kaspersky), W32/Xeff.worm!p2p (McAfee), W32.Duksten.C@mm (Symantec), Worm/Xipi.A (Avira), W32/Xipi-A (Sophos),

In the wild: Yes

Destructive: No

Language: English; Spanish

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Description: 

This worm propagates by dropping copies of itself into known shared folders of popular peer-to-peer (P2P) file sharing applications.

It can also propagate by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. It may email itself to random contacts found in the Microsoft Outlook address book.

Below is a screenshot of the email it sends:

This worm injects its code into EXPLORER.EXE, enabling it to run together with Windows Explorer. This also serves as its stealth mechanism, rendering its process invisible under Windows’ Task Manager.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jul. 29, 2005 7:06:25 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.