This is a dangerous worm that spreads via the Internet attached to e-mail messages. The worm itself is a Windows application about 12K in size. To spread, the worm uses SMTP and connects to the “mail.bezeqint.net” e-mail server
The worm obtains a victim’s e-mail addresses from HTML files. It searches for *.HT* files on the hard drive and looks for e-mail addresses there.
The infected messages contain the following data:
In case of an error, or when infected messages are sent, the worm encrypts all EXE files the in current and all parent directories. While encrypting, the worm uses standard Windows crypto API.
The worm also contains the following texts in its body:
|Find out the statistics of the threats spreading in your region|