Class Email-Worm
Platform Win32

Technical Details

This is the worm virus spreading via the Internet being attached to infected
emails. The worm itself is Windows PE EXE file about 8Kb of length written in

The infected messages have following fields:

Mail From: < >
From: MP3 Deluxe
To: My best friends
Subject: Phenomenal
Body: body is empty
Attach: MP3Player.exe

To run from infected message the worm uses IFrame security breach. The worm
then installs itself to the system and runs spreading routine.

While installing the worm copies itself to Windows system directory with the
SSMS.EXE name and registers this file in system registry auto-run key:


To send infected messages the worm uses direct connection to default SMTP
server, or to “” server.

To get victims’ email addresses the worm uses Windows MAPI functions and
reads emails from email boxes.

Find out the statistics of the threats spreading in your region