I-Worm.Borzella is a worm virus that spreads via the Internet as an infected file attached to e-mails.
The worm itself is a Windows PE EXE file, about 50Kb in length, written in Microsoft Visual C++.
The Subject, Body and Attachment name of each infected message are randomly selected from three variants each.
Infected messages contain:
Messages displayed by the Borzella virus:
On September 6, Borzella displays the following message:
The worm activates only when a user clicks on the attached file. Once this is done, the worm installs itself into the system, runs a spreading routine and delivers its payload.
While installing, the worm copies itself into the Windows directory under the name dllmgr.exe and registers that file in the system registry auto-run key:
The worm then displays the following messages:
To send infected messages, the worm uses a direct connection to the SMTP server. To get victim email addresses, the worm opens and scans the Windows Address Book (WAB).
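A defender-side check for the installation step described above, as an added example that is not part of the original description: it scans the decoded text of a registry export for auto-run values that launch dllmgr.exe from the Windows directory. The key names in the sample are placeholders (the description does not name the key), and the sample export and all function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample in .reg export syntax. The key names are placeholders:
# the page does not state which auto-run key the worm uses.
SAMPLE_EXPORT = r'''
[HKEY_PLACEHOLDER\AutoRunKey]
"SystemTray"="C:\\WINDOWS\\System32\\systray.exe"
"DllMgr"="C:\\WINDOWS\\dllmgr.exe"
"Updater"="\"C:\\Program Files\\Tool\\dllmgr.exe\" /background"

[HKEY_PLACEHOLDER\OtherAutoRunKey]
"Loader"="%WinDir%\\DLLMGR.EXE -s"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
DROPPED_NAME = "dllmgr.exe"  # file name given on the page

def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def _command_path(command, windir):
    """Extract the executable path from an auto-run command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # unquoted: cut after the first ".exe" so paths with spaces survive
        m = re.match(r'(.*?\.exe)\b', command, re.I)
        path = m.group(1) if m else command.split(" ", 1)[0]
    # expand the two variables that name the Windows directory
    path = re.sub(r'%(windir|systemroot)%', lambda _: windir, path, flags=re.I)
    return ntpath.normcase(ntpath.normpath(path))

def find_dllmgr_autoruns(export_text, windir=r"C:\WINDOWS"):
    """Return (key, value_name, command) for entries launching <windir>\\dllmgr.exe."""
    target = ntpath.normcase(ntpath.join(windir, DROPPED_NAME))
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)):
            command = _unescape(m.group(2))
            if _command_path(command, windir) == target:
                hits.append((key, _unescape(m.group(1)), command))
    return hits
```

The match is on the full normalized path, so a file that merely shares the name dllmgr.exe in another directory is not reported; pass the host's actual Windows directory as `windir`.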