Class | Email-Worm |
Platform | JS |
Description |
Technical DetailsThis is a dangerous worm. It replicates using Outlook, Outlook Express Installation While installing into the system, the worm creates several files:
Then the worm finds its “already infected” sign in the registry, and if The infection presence sign is located in the following registry key:
The worm finds all connected network drives and copies itself to them to
Spreading via e-mail The worm uses Outlook and Outlook Express to spread in infected e-mail Infected message contain the following properties:
The worm also sends a message that contains the e-mail addresses of its Spreading via IRC The worm finds the installation folder of an mIRC client application, and Filename sent through mIRC: “mmsn_offline.htm” Payload The worm adds the following line in the file Autoexec.bat:
This results in formatting disk C: upon computer restarting. If the day of the month is the 1st, 5th, 10th, 15th or 20th, the worm deletes all files |
Find out the statistics of the threats spreading in your region |