..
Click anywhere to stop
Click anywhere to stop
Class | Email-Worm |
Platform | Win32 |
Description |
Technical DetailsI-Worm.Borzella is a worm virus spreading via the Internet in an infected file attached to e-mails. The worm itself is a Windows PE EXE file about 50Kb in length and written in Microsoft Visual C++. The infected messages have Subject/Body/Attachment names that are randomly selected from three variants each. Infected messages contain:
Messages displayed by the Borzella virus: On September 6 Borzella will put forth the following message: The worm activates only when a user clicks on the attached file. Once this is done the worm then installs itself into the system, runs a spreading routine and delivers its payload. Installing While installing the worm copies itself into the Windows directory with the dllmgr.exe name and registers that file in the system registry auto-run key:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun The worm then displays the following messages:
Spreading To send infected messages the worm uses a direct connection to the SMTP server. To get victim email addresses the worm opens and scans the Windows Address Book (WAB).
|
Find out the statistics of the threats spreading in your region |