This is a Win32 PE EXE worm that spreads in e-mail messages using a system’s default MAPI client. When started, it copies itself to %WINDOWS%Win32Dlw.EXE and %SYSTEM%Win32Exp.EXE, then writes the following key to the registry to start automaically with Windows:
If the current month is Semptember, the worm draws the following message on the screen:
Then, the worm shows a message box with a ‘…’ title and the following text:
After displaying a message, the worm does nothing for 2 minutes, and then sends itself to all senders of e-mail messages stored in the default MAPI client inbox.
All messages sent by the worm have the following properties:
Message subject is: Bin Ladenov zivot.
Ako jos do sada niste znali ko je Bin Laden onda
|Find out the statistics of the threats spreading in your region|